Mozilla Ramps Up Vulnerability Reward Program

[JMH]

Mozilla announces that it has brought its security bounty program in line with the new economic times and has increased the reward paid to researchers for eligible security bugs from $500 to $3,000. It has also officially added Firefox Mobile and other Mozilla services to the list of products covered by the program.

Mozilla launched in Security Bug Bounty Program back in 2004 with support from former OEM Linux distributor Linspire and Mark Shuttleworth, a well known Internet entrepreneur and founder of Canonical, the company behind the popular Ubuntu Linux operating system. The idea for the program came from a similar project run at Netscape in the '90s.

Mozilla used to reward researchers with $500 for every discovered bug that was determined to be critical or high according to its own severity ratings and remotely exploitable. In general, critical bugs are the ones allowing for arbitrary code execution on users's systems, while high ones are those leading to the exposure of highly-sensitive information.

More -
Mozilla Ramps Up Vulnerability Reward Program - $3,000 now paid for every eligible bug and new products covered - Softpedia

 

[Kari]

Mozilla raises bounty for security bugs to $3,000

The reward for finding eligible security vulnerabilities will increase from $500, and the program extended to cover more Mozilla software.

Mozilla, the organization behind the Firefox Web browser, has upped the amount it will pay security researchers for information on security bugs in its products from $500 to $3,000.

The change is part of what Mozilla calls a refresh of its Security Bug Bounty Program, which launched in 2004.

Mozilla raises bounty for security bugs to $3,000 | Security Central - InfoWorld

 

[Kari]

Didn't notice we were posting this news at the same time. Luckily mods noticed and merged the threads