The Mozilla Security Blog has announced
a refresh of the Mozilla security bug bounty. The amount awarded for bugs has gone from $500 to $3000, and bugs for Firefox Mobile and Mozilla services are explicitly included, along with other changes. "In concert with those changes, we are also updating the eligibility language to make it clear that Mozilla reserves the right to disqualify bugs from the bounty payment if the reporter has been deemed to have acted against the best interests of our users. To be very clear, we are not modifying our position regarding payment for publicly disclosed bugs; Mozilla bounty payments are not contingent upon confidential disclosure. While Mozilla strongly encourages researchers to disclose bugs to us privately (and most researchers have), we also believe that researchers should ultimately retain control over when and how the details of their research are disclosed.
to post comments)