By Dan Ilett, 31 March 2005 15:15
The Mozilla Foundation has given $2,500 to a security researcher for discovering vulnerabilities in its free web browser.
The company paid $500 to German researcher Michael Krax for each of the five bugs he found in Firefox.
"We developed the bug bounty programme to encourage and award community members who identify unknown bugs in the software," said Chris Hofmann, director of engineering for the Mozilla Foundation. "This programme is one of the many ways the Mozilla Foundation produces safe and secure software for its users."
The National Infrastructure Coordination Centre earlier this month posted alerts about the bugs, which relate to chrome privileges, a mechanism that allows applications to change user interface details of the browser itself. If abused, this function could alter the 'Home' button, for example, to make it download malicious programs.
Mozilla is one of the few organisations to offer financial incentives to people who find vulnerabilities. Microsoft, which charges for its products and regularly asks the user community to test beta versions of its software, has no such scheme.
A spokesperson for Microsoft said: "We don't pay people to find bugs but there are other ways we try to fix security as much as possible. But we can't comment on what Mozilla does."
Microsoft also highlighted its cash-reward scheme for informants who help law enforcement agencies to convict virus writers.
Dan Ilett writes for ZDNet UK

Comments
There are 5 comments.
1. poetfreak
LOL, yeah, Microsoft pays people to tell on virus writers who take advantage of the inherent insecurity of the software they charge you for, but won't pay you to help debug or fix it. That's why the exploits in Windows can stay underground so long.
2. anonymous
M$ sound a little tongue-tied. Imagine them offering $500 per bug found!! Chaos!
3. anonymous
Microsoft don't pay people for information on bugs. Why not? Allegedly because it would probably bankrupt them!
4. anonymous
I feel the need to ask about Apple here. I guess they wouldn't be arsed to pay for bug info because they don't think any exist, or will not admit that any exist. Head in sand is a wonderful defence: you don't see what is about to hit. At least with Windows any sensible user will know to be careful.
5. james liddell
Apple only has to worry about monkeys as per one of the lead stories today. And since monkeys rarely have unlimited access to Apple COMPUTERS, I figure the company is on fairly good ground to ignore threats.