Will Mozilla's $3,000 bug bounty make Firefox secure? - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Security Week: May 14th, 2012

Linux Advisory Watch: May 10th, 2012

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Will Mozilla's $3,000 bug bounty make Firefox secure?

User Rating:

How can I rate this item?

Source: Internet News - Posted by Alex

Mozilla is increasing the amount it pays security researchers for bugs from $500 up to $3,000. I personally think that's a very good thing. There has long been a debate about whether or not vendors should pay for security flaws. In my view, the flaws are going to be discovered whether or not a vendor is paying for them. The question is how they will be disclosed and whether or not those flaws will end up putting millions of users at risk - or not. By paying for flaws, what Mozilla is doing is providing an economic model for both security researchers and for itself. For security researchers, a $3,000 payment is not an unreasonable sum in my view and it's more than the $1,337 that Google pays. HP's TippingPoint also pays for security flaws as well though they seem to have a floating scale on payments as far as I can tell.

Read this full article at Internet News