Slashdot Mirror

← Back to Stories (view on slashdot.org)

More Than 10% of Mozilla Bug Finders Refuse Cash

Posted by Soulskill on from the never-underestimate-the-power-of-free-swag dept.

angry tapir writes "The open-source Mozilla project has been offering cash bounties for security bugs for six years now, but often bug finders simply turn down the cash. Between 10 percent and 15 percent of the serious security bugs reported since Mozilla launched its bug bounty program have been provided free of charge, according to Mozilla."

6 of 115 comments (clear)

  1. Job may not allow you to accept cash bounty by catherder_finleyd · · Score: 5, Informative

    If one were to find the bug in the course of one's job, the employer may not allow you to accept a cash bounty. This is certainly the case in the US Federal Government, as well as many Federal Contractors.

    1. Re:Job may not allow you to accept cash bounty by plcurechax · · Score: 2, Informative

      The situation may also become marginal or not worth the effort for foreigners to accept the cash, if they need to hire a tax lawyer to deal with foreign income, as most countries don't consider foreign prizes ("windfall") or "bounties" as tax-free (or zero-rate tax rate) income.

      Let alone you live / work in a country that is not trusting of US Government and US organizations (think: Cuba, China, Philippines, Latin America), may consider it "proof" of being a spy. Why else would some foreign US non-profit organization group just "give" you money, you capitalist whore?

  2. Re:More evidence... by Anonymous Coward · · Score: 2, Informative

    Y'know if they wanted to refuse the cash... instead of letting Mozilla keep it, have them donate it to the charity of their choice. Just sayin'.

    Maybe you should read the article?

    "A lot of people would say, 'Don't worry about it. Donate it to the EFF [Electronic Frontier Foundation] or just send me a T-shirt,'"

  3. Re:15% is not a lot by Anonymous Coward · · Score: 1, Informative

    https://developer.mozilla.org/en/How_to_get_a_stacktrace_for_a_bug_report

    https://developer.mozilla.org/en/Bug_writing_guidelines

  4. Re:More evidence... by somegeekynick · · Score: 5, Informative
    I realise that we might only end up debating semantics and matters concerning law (*shudder*) but, for what it's worth,

    The Mozilla Foundation, which is registered as a charity in the United States...

    Source And, California registration by the Mozilla Foundation as a charitable trust.

  5. Re:More evidence... by clarkkent09 · · Score: 2, Informative

    a) 90% accept cash for their work. Evil bastards!

    b) Talking about socialism, good thing we don't have unions in software industry or they wouldn't look too kindly on all these people working for free.

    --
    Negative moral value of force outweighs the positive value of good intentions.