More Than 10% of Mozilla Bug Finders Refuse Cash
angry tapir writes "The open-source Mozilla project has been offering cash bounties for security bugs for six years now, but often bug finders simply turn down the cash. Between 10 percent and 15 percent of the serious security bugs reported since Mozilla launched its bug bounty program have been provided free of charge, according to Mozilla."
I have heard that the Nobel prize people will call and ask someone if they would accept the prize if it were offered them. If they say yes, then it's "Great! You have been offered a Nobel Prize in %category%!". But if the potential winner indicates they are not really interested in material prizes, they just never offer the prize at all. That way they can say no one has ever turned down a Nobel.
I wonder if the Firefox people do the same thing in reverse. They would call the potential bounty winners (maybe just those in $1000+ range) and say something like "Hi there. This security bug you found might be worth a decent size bounty. If we offered it to you, would you actually take our money or do something noble and selfless like allowing us to donate it?". If the winner says they would probably just donate it, then it's all "Super! We will donate it! You're the best". If they take the money then it's "No problem. We offer you $50 for this.".
Of course I seriously doubt this happens at all. But it's fun to start vicious rumors about non-profits >:)
I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.