Mozilla announced a refresh of its Security Bug Bounty Program. One of the major changes is that the company will now pay $3,000 to reporters of valid security bugs in Firefox or Thunderbird, up from $500 before:
For new bugs reported starting July 1st, 2010 UTC, we are changing the bounty payment to $3,000 US per eligible security bug. A lot has changed in the 6 years since the Mozilla program was announced, and we believe that one of the best ways to keep our users safe is to make it economically sustainable for security researchers to do the right thing when disclosing information.
We have also clarified the products covered under the bounty to better reflect the threats we are focused upon. We still include Firefox and Thunderbird obviously, but we also added Firefox Mobile and any Mozilla services that those products rely upon for safe operation. These are products we have traditionally paid bounties for on a discretionary basis anyway, but we wanted to make that explicit. Release and beta versions of those products are eligible. Mozilla Suite bugs, however, are no longer eligible, as it is not an officially released nor supported Mozilla product.