Mozilla Community Cashing in on Bug Bounties | Internet News


Written By
Jim Wagner
Mar 31, 2005

The Mozilla Foundation’s Bug Bounty Program has netted some of its community
members $6,000, nearly half of it going to one German developer, officials
announced earlier this week.

South African venture capitalist Mark Shuttleworth and Linux vendor Linspire instituted the bug-quashing program in August 2004 to encourage Mozilla software users to report security vulnerabilities in the code.

Since then, five individuals have received $500 bounties on 12 security
vulnerabilities, $2,500 of which went to Michael Krax of Germany. While only
a small number of bug bounties have been handed out, the number of security bug
reports from the open source community has been much higher, said Chris
Hofmann, Mozilla Foundation director of engineering.

“It’s hard to assign a number of reported issues to a week or month,” he
said. “When research identifies one area of vulnerability, there may be
other bugs reported that are variations on that theme. So counting actual
bugs reported isn’t necessarily accurate.”

The Mozilla Foundation has identified and fixed 66 security bugs in the
latest versions of its Mozilla Suite, Thunderbird e-mail client and Firefox.

Microsoft’s Internet Explorer and related products have also been beset by security vulnerabilities for years, though executives say
they are making a renewed commitment to the browser.

What differentiates the Mozilla Foundation from its competition is its
willingness to identify and publicize known vulnerabilities and patch those
bugs quickly, according to a report issued earlier this month by Brussels-based security consultancy firm ScanIT.

“Security researchers seem to be more inclined to report Firefox
vulnerabilities to the Mozilla development team than IE flaws to Microsoft
because of a better general attitude towards them,” said Alla Bezroutchko,
ScanIT senior security engineer, in a statement.

The report shows the Firefox browser was only exposed to a publicly known
vulnerability without a patch for 65 days in 2004; IE, on the other hand,
was safe for only seven days last year.

“We value the security community highly, and the Bug Bounty program is one
of the ways we help encourage participation,” Hofmann said. “It’s this
community that helps us identify potential problems before exploits are
developed and before consumers can suffer. This is facilitated through
our open source development process.”
