Mozilla: Many Security Researchers Decline Our Rewards

    August 6, 2010

Bribes can represent an easy way of securing a person’s loyalty; throw enough cash at someone, and they’re almost sure to be appreciative.  Mozilla might have an advantage in the browser wars, however, as it appears that many Mozilla bug finders are so fond of the organization they don’t require payment.

We have an email out to Google on this matter, and will allow for the possibility that many more volunteers are helping Chrome for free.  And of course, everyone who tries to find problems with Internet Explorer does so for free, because Microsoft doesn’t have a reward program.

Still, Mozilla’s figures seem rather impressive.

Robert McMillan reported this morning, "Between 10 percent and 15 percent of the serious security bugs reported since Mozilla launched its bug bounty program have been provided free of charge, according to Mozilla."

Johnathan Nightingale, the director of Firefox development, then explained, "A lot of people would say, ‘Don’t worry about it.  Donate it to the EFF [Electronic Frontier Foundation] or just send me a T-shirt.’"

That hints at a pretty cozy relationship between security researchers and Mozilla, which is sure to benefit the group in several ways.

UPDATE: A Google spokesperson responded, "We periodically receive requests to donate Chromium rewards to charity, and we gladly comply."