
Mozilla & Google increase rewards for reporting bugs

Security researchers can pick up $3,113

Both Mozilla and Google have increased the rewards they will pay researchers who report bugs in their web browsers.

Mozilla, which is behind the Firefox browser, has revealed it will now pay up to $3,000 (£1,961) to researchers who provide information on bugs in its products. Previously, the web browser developer offered $500 (£325).

The change is part of what Mozilla calls a refresh of its Security Bug Bounty Program, which launched in 2004.

"A lot has changed in the six years since the Mozilla programme was announced, and we believe that one of the best ways to keep our users safe is to make it economically sustainable for security researchers to do the right thing when disclosing information," Lucas Adamski, director of security engineering, said in a blog.

Mozilla has also expanded the scope of the reward programme, which will continue to apply to Firefox and the Thunderbird email client, and also to the Firefox mobile browser and other services the products rely on. Release and beta products are also eligible.

"These are products we have traditionally paid bounties for on a discretionary basis anyway, but we wanted to make that explicit," Adamski wrote.

Mozilla can deny a reward to a researcher, however, if the organisation deems the person has not acted in the best interests of users, Adamski wrote.

Other parts of the programme will be retained, however. A reward will still be paid even if a researcher has published information on the vulnerability or if the researcher doesn't have time to work closely with Mozilla's security team.

Meanwhile, Google, which first launched its Bug Bounty scheme in January this year, has also announced it is upping its reward.

Like Mozilla, Google said most researchers would be paid $500 for any flaws they identified in its Chrome browser. However, "particularly severe or particularly clever" bugs would reap rewards of $1,337 (£839) each.

The search engine has now revealed it is increasing this to $3,133 (£2,034).

"It has been approximately six months since we launched the Chromium Security Reward programme. Although still early days, the programme has been a clear success," Google said in a blog.

"We have been notified of numerous bugs, and some of the participants have made it clear that it was the reward program that motivated them to get involved with Chromium security. The increased reward reflects the fact that the sandbox makes it harder to find bugs of this severity."
