Mozilla Starts Bug Bounty Program

AnamanFan writes "The Mozilla Foundation announced the Mozilla Security Bug Bounty Program, an initiative that rewards users who identify and report security vulnerabilities in the open source project's software. Sponsered by Linspire, Inc and Mark Shuttleworth, the program will give $500 to users who report a significant bug in Mozilla software. Users who identify security bugs in Mozilla software are encouraged to go to the Security Projects Page for more information."

I wonder if he's kicking himself...

[NoMercy]

A few days ago you might remember someone who created an article on the vunribilities of a fake browser being made in a empty window using XUL...

Guess he's 500 dolars down for blowing the whistle a week early :)

Continuing the Netscape Legacy

Until fairly recently, Netscape used to have a similar bug bounty program but they offered $1000. So it's really just a continuation of the legacy.

Re:I'll stick my neck out

[mytec]

My perception of the success Mozilla/Firefox has beside a breadth of features is its security. I wonder if this bounty is more preemptive in nature to help ensure the positive security piece-of-mind Mozilla/Firefox has rather than the type of bounty Tex has.

If Mozilla/Firefox where to lose the mainstream perception of a more secure browser why would users of IE switch?

Re:Skills

[jeff67]

True, debugging is not on curricula. But you will almost certainly fail out of school if you don't start picking up debugging basics immediately after you write your first line of code (bug).

We will probably never get to see them

[bdigit]

Mozilla likes to do security through obsecurity. Dont believe me. Look through the bug reports, any of them that contain any type of security vulnerability and locked down and you are unable to view them. Whats up with that mozilla?