BANGALORE, INDIA: With security environment fast changing, Mozilla has announced updation of its security bounty program to better support constructive security research.
According to the Mozila blog, for new bugs reported starting July 1st, 2010 UTC we are changing the bounty payment to $3,000 US per eligible security bug. "A lot has changed in the 6 years since the Mozilla program was announced, and we believe that one of the best way to keep our users safe is to make it economically sustainable for security researchers to do the right thing when disclosing information, " the blog post said. It adds that Mozilla launched its security bounty program in 2004 and while the original mission of protecting users by supporting security research has not changed, the security environment has changed tremendously. As per the post, products covered under the bounty will still include Firefox and Thunderbird and also Firefox Mobile and any Mozilla services. "These are products we have traditionally paid bounties for in a discretionary basis anyway, but we wanted to make that explicit. Release and beta versions of those products are eligible." However, Mozilla Suite bugs is no longer eligible, as it is not an officially released nor supported Mozilla product. "To be very clear, we are not modifying our position regarding payment for publicly disclosed bugs; Mozilla bounty payments are not contingent upon confidential disclosure. While Mozilla strongly encourages researchers to disclose bugs to us privately (and most researchers have), we also believe that researchers should ultimately retain control over when and how the details of their research are disclosed.", the blog post said. @CIOL -- You received this message because you are subscribed to the Google Groups "nforceit" group. To post to this group, send an email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/nforceit?hl=en-GB.
