Mozilla extends bug bounty to apps
Posted on 15 Dec 2010 at 10:40
Mozilla has extended its bug bounty to cover its web applications.
The open-source developer already offers up to $3,000 for serious flaws in Firefox, and has previously paid out for a few web app bugs, but wants to formalise the scheme to incentivise researchers.
"We want to encourage the discovery of security issues within our web applications with the goal of keeping our users safe," said Chris Lyon, director of infrastructure security, in a post on the Mozilla blog.
"We also want to reward security researchers for their efforts with the hope of furthering constructive security research," he added.
Mozilla will pay $500 for high severity bugs and $3,000 for "extraordinary" flaws. It will initially only pay out for a select few applications on certain sites, but still asks researchers to hand in vulnerabilities found in other apps.
"If you find an issue with a site which is not 'officially' part under the web application bug bounty, we would still like to know," Mozilla says on the bug bounty page, which lists the qualifying applications.
"If the bug is extraordinary, we might still consider the bug to be nominated for a bounty. In the past we have paid for interesting bugs which are outside of normal policy."
Google extended its bug bounty to websites last month, but is yet to include apps, while Microsoft refuses to pay security researchers for turning in vulnerabilities.
Is your business a social business? For helpful info and tips visit our hub.
- Hello Cortana, it's nice to meet you
- Windows 8.1 Update: an abject surrender
- The insane economics of Sky Now TV
- No such thing as a free app... so pay up if you want quality
- Time to outlaw crapware-laden installers
- Windows Phone 8.1 video: hands-on
- Office for iPad: key information
- Why every PC buyer owes Richard Durkin a debt of gratitude
- HTC One M8 vs Samsung Galaxy S5: 2014's big-hitters compared
- Windows XP end of life: key information
- How to write your company's IT security policy
- The key to choosing a secure password
- Please stop reposting fake Facebook messages
- Is Facebook safe for business?
- Don't rely on Chrome's password vault
- Facebook Graph Search: don't panic
- Gmail drafts and Pastebin: could they evade the email snoops?
- Applying for a job at GCHQ? Here's your plain-text password
- Google two-step verification: a must for business email
- Yes, I write down my passwords