We’re nearly three quarters the way through 2011 and we wanted to provide an update on the progress of the Mozilla bug bounty programs. The goal of the Mozilla bounty programs is to encourage security research in Mozilla software, reward the individuals that are participating in this research, and continue pursuing the safest browsing and web experience for all users.
The Firefox bug bounty was created in 2004 and has demonstrated its success over the past 7+ years. At the end of 2010, the bounty program was expanded and select high value Mozilla web sites were also included into a Mozilla web bounty program. Statistics on the success of the web bounty program were recently presented at the OWASP AppSecUSA conference and the slides, along with statistics, are available here.
Between the two bounty programs Mozilla has paid over $200,000 in bounties during 2011 for previously unknown security bugs in Firefox or our critical Mozilla web applications. These programs have established a productive dialog between the Mozilla community and numerous security researchers. In addition, each bounty bug report has enabled Mozilla to further refine the security controls in our products and web applications to deliver a more secure browsing and web experience to hundreds of millions of users around the world.
If you are interested in getting involved in the Mozilla bug bounty program then please check out the following links: