MozillaZine

Mozilla Security Bugs Bounty Program Launched

Monday August 2nd, 2004

The Mozilla Foundation has announced a Security Bug Bounty Program. Under the new scheme, any user who reports a critical security vulnerability in end-user Mozilla software will receive a US$500 reward. The program is being funded by Linux distributor Linspire (formerly Lindows.com) and Internet entrepreneur and space tourist Mark Shuttleworth. The Mozilla Security Bug Bounty page has more details, including the process for reporting vulnerabilities and under what circumstances a report is eligible (unfortunately for sloppy developers, you cannot claim a bounty for a bug in your own code!). Netscape has run a bug bounty program in the past, though this latest Mozilla initiative is unrelated.

In addition, the Mozilla Foundation has updated the Mozilla Security Center with tips for safe browsing and information about how Mozilla keeps you secure.

Update: The article has been rewritten to include additional information. Thanks to CoffeeBreaks for his contributions to this report.


#1 Great news!

by naylor83 <d.naylor@swipnet.se>

Monday August 2nd, 2004 10:43 AM

Reply to this message

This is a beatiful idea, which (hopefully) will help keep mozilla way ahead of Microsoft, safety-wise.

#2 Holy Crap!

by Simplex

Monday August 2nd, 2004 11:14 AM

Reply to this message

This is so unprecedented! This will be major wonderful press for mozilla!

#3 Re: Holy Crap!

by AlexBishop <alex@mozillazine.org>

Monday August 2nd, 2004 11:50 AM

Reply to this message

"This is so unprecedented!"

This is so 1995!

<http://home.netscape.com/…ref/pr/newsrelease48.html>

Alex

#4 Re: Re: Holy Crap!

by roseman

Monday August 2nd, 2004 11:55 AM

Reply to this message

you mean we finally should give up Mosaic 0.9 ?? --- what does US-CERT say about switching sway from Mosaic?

#5 Re: Re: Re: Holy Crap!

by roseman

Monday August 2nd, 2004 12:07 PM

Reply to this message

<http://archive.ncsa.uiuc.…-w/releaseinfo/index.html> --- whoa! NCSAA Mosaic is actually already up to version 3.0 :( i must slept thru the 90's :( <ftp://ftp.ncsa.uiuc.edu/M…indows/Archive/index.html>

#7 Re: Re: Holy Crap!

by Simplex

Monday August 2nd, 2004 1:35 PM

Reply to this message

Yeah, I kind of jumped the gun on that one, didn't I?

#6 mozilla.org's page on security

by danielwang <stolenclover@yahoo.com.tw>

Monday August 2nd, 2004 12:19 PM

Reply to this message

The article (and security page) missed this: <http://www.mozilla.org/st…nk-control.html#read_junk>

#8 a few typos

by jacooks

Monday August 2nd, 2004 1:46 PM

Reply to this message

I noticed a few typos in the document, send off the information to <webmaster@mozilla.org>, hopefully that's the right place. We all want this to look good since the press will be quoting and referencing it.

#9 More bounties

by calroth

Monday August 2nd, 2004 7:33 PM

Reply to this message

Mark Shuttleworth has been offering bounties for development for various open-source projects for a while now, including a few for Mozilla (non-security related).

<http://www.markshuttleworth.com/bounty.html>

#10 Monetary Incentives

by squaredancer

Tuesday August 3rd, 2004 3:45 AM

Reply to this message

hi @ ALL

I reckon that this may be a good thing! There are most likely at least #some# virus-programmers out there who would prefer $500, rather than risk a visit from the CIA, FBI or whoever!

#11 you do the math

by roseman

Wednesday August 11th, 2004 9:30 AM

Reply to this message

<http://www.userfriendly.o…chives/04aug/uf007021.gif> --- now we know why MS does not do the same *tee.hee*

#12 Re: you do the math

by roseman

Wednesday August 11th, 2004 9:31 AM

Reply to this message

<http://ars.userfriendly.org/cartoons/> --- then look for August.11.2004 previous url went to cartoon directly, but site preferes you goto home page, then navigate by date :) sorry...

#13 try this url (RE: you do the math)

by roseman

Wednesday August 11th, 2004 9:37 AM

Reply to this message

<http://ars.userfriendly.org/cartoons/?id=20040811> --- i think this url will work directly -- MS somehow seems, smaller now :)

#14 Re: try this url (RE: you do the math)

by roseman

Thursday August 12th, 2004 9:15 AM

Reply to this message