{"id":1984,"date":"2015-06-09T11:53:32","date_gmt":"2015-06-09T18:53:32","guid":{"rendered":"https:\/\/blog.mozilla.org\/security\/?p=1984"},"modified":"2015-08-10T15:50:54","modified_gmt":"2015-08-10T22:50:54","slug":"upcoming-changes-to-the-firefox-bug-bounty-program","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/security\/2015\/06\/09\/upcoming-changes-to-the-firefox-bug-bounty-program\/","title":{"rendered":"Changes to the Firefox Bug Bounty Program"},"content":{"rendered":"<p>The Bug Bounty Program is an important part of security here at Mozilla. \u00a0This program has paid out close to 1.6 million dollars to date and we are very happy with the success of it. \u00a0We have a great community of researchers who have really contributed to the security of Firefox and our other products.<\/p>\n<p>Those of us on the Bug Bounty Committee did an evaluation of the Firefox bug bounty program as it stands and decided it was time for a change.<\/p>\n<p>First, we looked at how much we award for a vulnerability. \u00a0The amount awarded was increased to $3000 five years ago and it is definitely time for this to be increased again. \u00a0We have dramatically increased the amount of money that a vulnerability is worth. \u00a0On top of that, we took a look at how we decided how much we should pay out. \u00a0Rather than just one amount that can be awarded, we are moving to a variable payout based on the quality of the bug report, the severity of the bug, and how clearly the vulnerability can be exploited.<\/p>\n<p>Finally, we looked into how we decide what vulnerability is worth a bounty award. \u00a0Historically we would award $3000 for vulnerabilities rated Critical and High. \u00a0Issues would come up where a vulnerability was interesting but was ultimately rated as Moderate. \u00a0From now on, we will officially be paying out on Moderate rated vulnerabilities. \u00a0The amount that is paid out will be determined by the committee, but the general range is $500 to $2000. \u00a0This doesn\u2019t mean that all Moderate vulnerabilities will be awarded a bounty but some will.<\/p>\n<p>All of these changes can be found on our website here: <a href=\"http:\/\/www.mozilla.org\/en-US\/security\/client-bug-bounty\/\"> here<\/a><\/p>\n<p>Another exciting announcement to make is the official release of our Firefox Security Bug Bounty Hall of Fame! \u00a0This page has been up for a while but we haven\u2019t announced it until now. \u00a0This is a great place to find your name if you are a researcher who has found a vulnerability or if you want to see all the people who have helped make Firefox so secure.<\/p>\n<p>We will be making a Web and Services Bug Bounty Hall of Fame page very soon.  Keep an eye out for that!<\/p>\n<p><a href=\"https:\/\/www.mozilla.org\/en-US\/security\/bug-bounty\/hall-of-fame\/\">https:\/\/www.mozilla.org\/en-US\/security\/bug-bounty\/hall-of-fame\/<\/a><\/p>\n<p>Feel free to mail us at <a href=\"mailto:security@mozilla.com\">security@mozilla.com<\/a> with any questions!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Bug Bounty Program is an important part of security here at Mozilla. \u00a0This program has paid out close to 1.6 million dollars to date and we are very happy &hellip; <a class=\"go\" href=\"https:\/\/blog.mozilla.org\/security\/2015\/06\/09\/upcoming-changes-to-the-firefox-bug-bounty-program\/\">Read more<\/a><\/p>\n","protected":false},"author":703,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[69],"tags":[],"coauthors":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Changes to the Firefox Bug Bounty Program - Mozilla Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/security\/2015\/06\/09\/upcoming-changes-to-the-firefox-bug-bounty-program\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"rforbes@mozilla.com\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2015\/06\/09\/upcoming-changes-to-the-firefox-bug-bounty-program\/\",\"url\":\"https:\/\/blog.mozilla.org\/security\/2015\/06\/09\/upcoming-changes-to-the-firefox-bug-bounty-program\/\",\"name\":\"Changes to the Firefox Bug Bounty Program - Mozilla Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\"},\"datePublished\":\"2015-06-09T18:53:32+00:00\",\"dateModified\":\"2015-08-10T22:50:54+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/94e6e2c9aeba82de25049aec7bb62ba2\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2015\/06\/09\/upcoming-changes-to-the-firefox-bug-bounty-program\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/security\/2015\/06\/09\/upcoming-changes-to-the-firefox-bug-bounty-program\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2015\/06\/09\/upcoming-changes-to-the-firefox-bug-bounty-program\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/security\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Changes to the Firefox Bug Bounty Program\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/security\/\",\"name\":\"Mozilla Security Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/94e6e2c9aeba82de25049aec7bb62ba2\",\"name\":\"rforbes@mozilla.com\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/c03a6017d70eb4f0b9fd769ff2d42312\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c05fddac7f28cc31ba6cff141ca4787e?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c05fddac7f28cc31ba6cff141ca4787e?s=96&d=identicon&r=g\",\"caption\":\"rforbes@mozilla.com\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Changes to the Firefox Bug Bounty Program - Mozilla Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/security\/2015\/06\/09\/upcoming-changes-to-the-firefox-bug-bounty-program\/","twitter_misc":{"Written by":"rforbes@mozilla.com","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/security\/2015\/06\/09\/upcoming-changes-to-the-firefox-bug-bounty-program\/","url":"https:\/\/blog.mozilla.org\/security\/2015\/06\/09\/upcoming-changes-to-the-firefox-bug-bounty-program\/","name":"Changes to the Firefox Bug Bounty Program - Mozilla Security Blog","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/security\/#website"},"datePublished":"2015-06-09T18:53:32+00:00","dateModified":"2015-08-10T22:50:54+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/94e6e2c9aeba82de25049aec7bb62ba2"},"breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/security\/2015\/06\/09\/upcoming-changes-to-the-firefox-bug-bounty-program\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/security\/2015\/06\/09\/upcoming-changes-to-the-firefox-bug-bounty-program\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/security\/2015\/06\/09\/upcoming-changes-to-the-firefox-bug-bounty-program\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/security\/"},{"@type":"ListItem","position":2,"name":"Changes to the Firefox Bug Bounty Program"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/security\/#website","url":"https:\/\/blog.mozilla.org\/security\/","name":"Mozilla Security Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/94e6e2c9aeba82de25049aec7bb62ba2","name":"rforbes@mozilla.com","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/c03a6017d70eb4f0b9fd769ff2d42312","url":"https:\/\/secure.gravatar.com\/avatar\/c05fddac7f28cc31ba6cff141ca4787e?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c05fddac7f28cc31ba6cff141ca4787e?s=96&d=identicon&r=g","caption":"rforbes@mozilla.com"}}]}},"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/1984"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/users\/703"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/comments?post=1984"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/1984\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/media?parent=1984"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/categories?post=1984"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/tags?post=1984"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/coauthors?post=1984"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}