Mozilla Increases Bug Bounty
Written by Alex Armstrong   
Friday, 12 June 2015

The top payout in Mozilla's Bug  Bounty Program has risen to $10,000 or more. Mozilla has also widened the range of vulnerabilities it covers.

mozilladev

 

The post on the Mozilla security blog indicates that this increase reflects the fact that Mozilla values its security researchers.

Ray Forbes writes:

The Bug Bounty Program is an important part of security here at Mozilla.  This program has paid out close to 1.6 million dollars to date and we are very happy with the success of it.  

Those of us on the Bug Bounty Committee did an evaluation of the Firefox bug bounty program as it stands and decided it was time for a change.

And the change means not only more money for critical vulnerabilities but also payouts for moderate ones.

Forbes continues::

We have dramatically increased the amount of money that a vulnerability is worth.  On top of that, we took a look at how we decided how much we should pay out.  Rather than just one amount that can be awarded, we are moving to a variable payout based on the quality of the bug report, the severity of the bug, and how clearly the vulnerability can be exploited.

He also says that the amount paid for Moderate rated vulnerabilities. will be determined by the committee, but the general range is $500 to $2000.  This doesn’t mean that all Moderate vulnerabilities will be awarded a bounty but some will.

 

This table shows what is required for each level of payment:

Type and level of bug Reward
Novel vulnerability and exploit, new form of exploitation or an exceptional vulnerability $10,000+
High quality bug report with clearly exploitable critical vulnerability $7,500
High quality bug report of a critical or high vulnerability $5000
Minimum for a high or critical vulnerability $3,000
Medium vulnerability $500- $2,500

 

The following general conditions apply:

  • Security bug must be original and previously unreported.
  • Security bug must be a remote exploit, the cause of a privilege escalation, or an information leak.
  • Submitter must not be the author of the buggy code nor otherwise involved in its contribution to the Mozilla project (such as by providing check-in reviews).
  • Employees of the Mozilla Foundation and its subsidiaries are ineligible. 

If two or more people report the bug together the reward will be divided among them.

mdnsq

 

Banner


Meta Releases OpenSource Podcast Generating Tool
28/11/2024

Meta has released an open source project that can be used to automatically convert a PDF file into a podcast. Meta says Notebook Llama can be considered an open-source version of Google's NotebookLM.

 [ ... ]



A Tee Is Not Just For Xmas - Top Tees
20/12/2024

Programmer gifts - easy idea, difficult implementation.  Here's our pick of tee-shirts for giving, buying or just wearing at any time of the year.


More News

 

espbook

 

Comments




or email your comment to: comments@i-programmer.info

Last Updated ( Friday, 12 June 2015 )