Jump to content
Aerosol

Mozilla doubles bug bounties to $10k

Recommended Posts

Foxing the holes in the code

fox_9889345.jpg?x=648&y=429&crop=1

Mozilla has more than doubled the cash rewards under its dusty bug bounty to beyond $10,000.

The browser baron has increased the reward for high-severity bugs such as those leading to remote code execution without requiring other vulnerabilities.

Engineer Raymond Forbes says the bounty had not been updated in five years and had fallen out of step.

"The amount awarded was increased to $3000 five years ago and it is definitely time for this to be increased again," Forbes says.

"We have dramatically increased the amount of money that a vulnerability is worth [and] we are moving to a variable payout based on the quality of the bug report, the severity of the bug, and how clearly the vulnerability can be exploited.

"Finally, we looked into how we decide what vulnerability is worth a bounty award."

Mozilla previously awarded $3000 for critical vulnerabilities that could seriously endanger users. It paid small amounts for only some moderate vulnerabilities that will under the revamp now attract up to $2000.

The Firefox forger also launched its security bug hall of fame which is a common and important component of bug bounty programs, and will open a version for web and services.

Bug bounties are enjoying a boom of late with many large organisations opening in-house and outsourced programs to attract security vulnerability researchers.

The schemes promise to increase the security profile of organisations while providing hackers with an opportunity to practice their skills and earn cash or prizes without the threat of legal ramifications.

Programs must be properly set up prior to launch including clear security policies and contact details posted to an organisation's web site, and strong communication between IT staff and bug hunters.

Hackers will often drop unpatched vulnerabilities to the public domain if an organisation fails to respond or refuses to fix the bugs.

Source

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...