Thursday, January 17, 2008

Mozilla Security Bug Bounty Program


The Mozilla Security Bug Bounty Program is designed to encourage security research in Mozilla software and to reward those who help us create the safest Internet clients in existence. Reporters of valid critical security bugs will receive a $500 (US) cash reward and a Mozilla T-shirt.

Reward Guidelines

The bounty will be awarded for critical security bugs that meet the following criteria:

  • Security bug must be original and previously unreported.

  • Security bug must be a remote exploit.

  • Security bug is present in the most recent supported version of Firefox, and/or Thunderbird, as released by the Mozilla Corporation.

  • Security bugs in or caused by additional 3rd-party software (e.g. Java, plugins, extensions) are excluded from the Bug Bounty program.

  • Submitter must not be the author of the buggy code nor otherwise involved in its contribution to the Mozilla project (such as by providing check-in reviews).

  • Mozilla Foundation and Corporation employees are ineligible.

If you found the security bug as part of your job (in other words, while being paid to work on Mozilla code) then we would appreciate your not applying for the bounty. Our funds are limited and we would like this program to focus on people who are not otherwise paid to work on the Mozilla project.

If two or more people report the bug together the $500 reward will be divided among them.


No comments:

Related Articles by Labels

Bookmark this

Did my post help you? Help others too by just taking a minute to bookmark this in any bookmark you use