Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: incrediBILL
Offering $500 rewards for finding security bugs sure shows the dedication the Mozilla Foundation has for maintaining a secure browser. Do any other browser manufacturers offer this kind of incentive?
Another bounty very similar to Mozilla's is one of $10,000 for finding a security breach in qmail. It has to be said that qmail is a far simpler codebase than Mozilla.
Although not for bug reports but rather for catching crackers, Microsoft offers $250,000 for information on virus writers.
Actually, I think this is a good move. Security researchers are already taking a close look at Mozilla, and this will only encourage more participation in the bug-hunting effort.
The history aside it seems that qmail has a lower market share then that of sendmail or postfix, largly (in my opinion) because the interface and configuration differs enormously from that of sendmail which tends to break sendmail-centric programs and make migration troubling at best (postfix is designed to use an interface identical to sendmails, and the configuration varies for the better). DJBdns suffers a similar fate when compared to BIND.
I guess the moral of the story is that you can have the most secure program in the world - but if you discourage users from switching over to it it dosn't much help (In fairness I think Mozilla does not suffer this problem).