Rob Stradling wrote: > Gerv, how about asking Google to add NSS to the list of projects that > are in-scope for this new rewards program? > > I believe Chromium still uses NSS for TLS, and so NSS would qualify for > the "Open-source foundations of Google Chrome" category. > > Firefox uses NSS, and this alone makes NSS a "high-impact library".
The parts of NSS that Firefox/Gecko and Chromium/Blink use are already covered by Mozilla's bounty program AND Google's bounty program. I believe that one could find a vulnerability in NSS and actually collect on BOTH bounty programs. > And I think that "down-to-earth, proactive improvements that go beyond > merely fixing a known security bug" describes the insanity::pkix effort > rather well! I agree I should be getting paid more. :) Cheers, Brian _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
