Will Mozilla's $3,000 bug bounty make Firefox secure?
Mozilla is increasing the amount it pays security researchers for bugs from $500 up to $3,000. I personally think that's a very good thing.
There has long been a debate about whether or not vendors should pay for security flaws. In my view, the flaws are going to be discovered whether or not a vendor is paying for them. The question is how they will be disclosed and whether or not those flaws will end up putting millions of users at risk - or not.
By paying for flaws, what Mozilla is doing is providing an economic model for both security researchers and for itself. For security researchers, a $3,000 payment is not an unreasonable sum in my view and it's more than the $1,337 that Google pays. HP's TippingPoint also pays for security flaws as well though they seem to have a floating scale on payments as far as I can tell.
I've already seen some chatter on Twitter and other places where security researchers (among them noted Apple hacker Charlie Miller) have commented on Mozilla's new bug bounty increase. The general sentiment of the chatter is that researchers will turn their attention more-so now to Firefox, since it literally pays for them to do so.