Mozilla Has Developed Program For Information Security To Reward Experts To Find Vulnerabilities

By Author: Peter Martin
Total Articles: 211
Comment this article

Software developers and vendors of security products are faced with the challenge of developing secured products. However, it is difficult to anticipate and identify all vulnerabilities in advance. On the other hand, hackers always find ways to identify and exploit vulnerabilities, which results in security breaches. As such, computer security professionals are always under pressure to release security updates for vulnerabilities. In order to encourage information security to pre-empt hackers in identifying vulnerabilities, Mozilla foundation had initiated rewards program titled Bug Bounty Program. Mozilla follows Google, which had initiated a similar program a few months earlier.

Under the program, Mozilla foundation will pay cash prizes to researchers for identifying security holes in Mozilla's web applications. The foundation will dole out at least $500 for identifying high risk vulnerabilities. Mozilla will pay up to $3,000 to computer security professionals on revelation of highly critical vulnerabilities. ...
...

Usually, security professionals use ethical hacking practices to detect and mitigate vulnerabilities. The Bug Bounty Program encourages security professionals to identify the lapses in the source code, vulnerabilities related to authentication and session management. Mozilla cautions security experts against using automated tools as they may lead to disruption of services.

The reward programs by software developers aims at ensuring Internet security and timely availability of security updates.

The web applications, which are eligible for the bug bounty program include mozilla.com/org, getfirefox.com, addons.mozilla.org, services.addons.mozilla.org, download.mozilla.org, getpersonas.com, firefox.com, bugzilla.mozilla.org, versioncheck.addons.mozilla.org, pfs.mozilla.org and aus*.mozilla.org.

Vulnerabilities in web applications may lead to malicious attacks such as SQL injection attacks, iFrame injection attacks, cross-site scripting attack, phishing and brute force attacks among many others. Timely security updates are crucial to prevent exploitation of vulnerabilities by hackers. Hackers may gain unauthorized access, breach databases, gain remote access and disrupt web application services.

Identification of vulnerabilities by security professionals may help software developers to mitigate the vulnerabilities and to provide secured web browsing experience to end-users.