
Firefox Browser Usage and Support Forum

    
Wanted: FireFox Security Vulnerabilities
$500 Reward: Looks like Mozilla takes security pretty seriously.
MatthewHSE

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 383 posted 1:48 pm on Aug 2, 2004 (gmt 0)

Has anyone seen the latest announcement on the Mozilla.org RSS feed?

[mozilla.org...]

Offering $500 rewards for finding security bugs sure shows the dedication the Mozilla Foundation has for maintaining a secure browser. Do any other browser manufacturers offer this kind of incentive?

 

encyclo

WebmasterWorld Senior Member, WebmasterWorld Top Contributor of All Time, 10+ Year Member



 
Msg#: 383 posted 2:22 pm on Aug 2, 2004 (gmt 0)

Try: Mozilla check #1 [nd.edu] and Mozilla check #2 [cipher.org.uk] (OK the second one didn't work for me at all, and the first is clever but not perfect.)

Another bounty very similar to Mozilla's is one of $10,000 for finding a security breach in qmail. It has to be said that qmail is a far simpler codebase than Mozilla.

Although not for bug reports but rather for catching crackers, Microsoft offers $250,000 for information on virus writers.

Actually, I think this is a good move. Security researchers are already taking a close look at Mozilla, and this will only encourage more participation in the bug-hunting effort.

nalin

10+ Year Member



 
Msg#: 383 posted 2:42 pm on Aug 2, 2004 (gmt 0)

Qmail and DJBdns are both by Daniel Burnstein (I'm afraid I have probably butchered the spelling) and both have [cr.yp.to] rewards [cr.yp.to] of $500 for security-related bugs that have remained long unclaimed (qmail's was first offered in 1997). They replaced (the notoriously insecure) sendmail and BIND respectively (curiously both out of Berkeley, which seems to produce great programmers and terrible software).

The history aside, it seems that qmail has a lower market share than that of sendmail or postfix, largely (in my opinion) because the interface and configuration differ enormously from that of sendmail, which tends to break sendmail-centric programs and make migration troubling at best (postfix is designed to use an interface identical to sendmail's, and the configuration varies for the better). DJBdns suffers a similar fate when compared to BIND.

I guess the moral of the story is that you can have the most secure program in the world, but if you discourage users from switching over to it, it doesn't much help. (In fairness, I think Mozilla does not suffer this problem.)
