Slashdot Mirror


More Than 10% of Mozilla Bug Finders Refuse Cash

angry tapir writes "The open-source Mozilla project has been offering cash bounties for security bugs for six years now, but often bug finders simply turn down the cash. Between 10 percent and 15 percent of the serious security bugs reported since Mozilla launched its bug bounty program have been provided free of charge, according to Mozilla."


  1. More evidence... by fuzzyfuzzyfungus · · Score: 5, Funny

    More evidence, if any were needed, that "Open Source" software is a sinister communist plot that defies all sound economic principles.

    Sincerely,
    S. Ballmer.

    1. Re:More evidence... by VJ42 · · Score: 4, Insightful

      Y'know if they wanted to refuse the cash... instead of letting Mozilla keep it, have them donate it to the charity of their choice. Just sayin'.

      That's effectively what they're doing - the 'charity' of their choice being the Mozilla foundation.

      --
      If I have nothing to hide, you have no reason to search me
    2. Re:More evidence... by Anonymous Coward · · Score: 2, Informative

      Y'know if they wanted to refuse the cash... instead of letting Mozilla keep it, have them donate it to the charity of their choice. Just sayin'.

      Maybe you should read the article?

      "A lot of people would say, 'Don't worry about it. Donate it to the EFF [Electronic Frontier Foundation] or just send me a T-shirt,'"

    3. Re:More evidence... by maxume · · Score: 2, Insightful

      It's a non-profit organization. That doesn't make it a charity, it just means it has a special tax status.

      The fact that they accept donations gives some credence to the idea of calling them a charity; that they make far more money from their business activities at least makes it questionable.

      --
      Nerd rage is the funniest rage.
    4. Re:More evidence... by kg8484 · · Score: 5, Insightful

      Ah, so what you really meant is:

      Y'know if they wanted to refuse the cash... instead of letting Mozilla keep it, have them donate it to the charity of my choice. Just sayin'.

    5. Re:More evidence... by somegeekynick · · Score: 5, Informative

      I realise that we might only end up debating semantics and matters concerning law (*shudder*) but, for what it's worth,

      The Mozilla Foundation, which is registered as a charity in the United States...

      Source. And, California registration by the Mozilla Foundation as a charitable trust.

    6. Re:More evidence... by clarkkent09 · · Score: 2, Informative

      a) 90% accept cash for their work. Evil bastards!

      b) Talking about socialism, good thing we don't have unions in the software industry or they wouldn't look too kindly on all these people working for free.

      --
      Negative moral value of force outweighs the positive value of good intentions.
    7. Re:More evidence... by Snaller · · Score: 2, Insightful

      Bullshit. The Mozilla foundation is not a charity nor is giving them money charity.

      --
      If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
  2. Actually by Monkeedude1212 · · Score: 5, Funny

    There was a bug in the bug submit form. I couldn't check off the box at the bottom that said "Wants Cash".

    Does that form work in Netscape?

    1. Re:Actually by Winckle · · Score: 4, Funny

      Only in IE6 I'm afraid. :(

  3. Job may not allow you to accept cash bounty by catherder_finleyd · · Score: 5, Informative

    If one were to find the bug in the course of one's job, the employer may not allow you to accept a cash bounty. This is certainly the case in the US Federal Government, as well as many Federal Contractors.

    1. Re:Job may not allow you to accept cash bounty by thejam · · Score: 3, Insightful

      Also, your work visa may not allow you to accept cash for work of another employer.

    2. Re:Job may not allow you to accept cash bounty by plcurechax · · Score: 2, Informative

      The situation may also become marginal or not worth the effort for foreigners to accept the cash, if they need to hire a tax lawyer to deal with foreign income, as most countries don't consider foreign prizes ("windfall") or "bounties" as tax-free (or zero-rate tax rate) income.

      Let alone if you live / work in a country that is not trusting of the US Government and US organizations (think: Cuba, China, Philippines, Latin America), which may consider it "proof" of being a spy. Why else would some foreign US non-profit organization group just "give" you money, you capitalist whore?

  4. "Often"? by Thats_Pipe · · Score: 3, Insightful

    "... often bug finders simply turn down the cash. Between 10 percent and 15 percent ..."

    Not too sure what connotations "often" has for others but 10-15% doesn't really seem that "often".

    --
    "You see them trees out back, I take care of them. I'm a tree, I'm a tree wizard." - Crazy Homeless Guy
    1. Re:"Often"? by correnos · · Score: 5, Insightful

      In the context of "here have some cash", 15% is pretty often.

  5. Re:But 90% accept the cash... by bsDaemon · · Score: 4, Interesting

    That's not necessarily true. Is 10% higher or lower than in previous years? Is the data such that a trend can be measured? Besides, I wouldn't say that cash is necessarily a direct motivator. Identifying that a bug exists is oftentimes easier than being able to fix it, and tipping off the people who are in a position to fix a problem in a piece of software you rely on is also a valid motivation.

    Alternatively, getting your name out there as someone who is smart and gets things done can and often does lead to other opportunities.

  6. nor would I accept it by FuckingNickName · · Score: 3, Interesting

    I've helped out in projects which help the wider community but which are controlled in some way by organisations which I do not approve of. In such cases, I refuse to take anything but expenses. Benefitting from some organisation of which you disapprove is morally bankrupt, but helping out a good cause which happens to be promoted by that organisation is a fine act.

    To do a bit of occupatio:

    1. No, the effort in finding the bug isn't an expense, unless you're one of those consumer-citizen types who translates each hour into some cash value;

    2. Something exists outside of its ownership. It is not inconsistent to judge that Firefox is good but the Mozilla Foundation is bad.

    1. Re:nor would I accept it by Anonymous Coward · · Score: 2, Funny

      this post took me 27 seconds to read... you owe me $1.75.

  7. Re:15% is not a lot by Thiez · · Score: 4, Interesting

    It's more often than one would expect. If I walked around handing out free cash, and 49% of people refused it (that is, less than 'may be called often' according to you), that is still much more often than most people would expect.

    Finding bugs could be considered a job. If 10 to 15% of people don't expect to be paid for their work, wouldn't you agree that's significantly more than expected?

  8. Something more desired than cash. by shadowrat · · Score: 5, Funny

    These guys are probably finding bugs in Mozilla to get laid. I know my wingmen and I have used that line to great success many times. You wouldn't believe how fast the ladies forget the fighter pilots, basketball players, and CIA agents at the bar when I tell them about a DOM parsing error I discovered!

    To seal the deal I tell them I didn't want the money as I'm already super rich. Tomorrow I leave for Africa to help impoverished children install Ubuntu.

  9. Re:But 90% accept the cash... by El_Muerte_TDS · · Score: 2, Insightful

    There are no statistics of how many people who accept the cash donate it to other open source projects who need the cash.

  10. In other news by Zepalesque · · Score: 3, Insightful

    Almost 90% of Mozilla Bug Finders Accept Cash Reward!