At Google and Mozilla, Bug Bounties are Big Successes

by Ostatic Staff - Jan. 31, 2011

We've written before about bug bounties--cash prizes offered by open source communities to anyone who finds key software bugs--ranging from FOSS Factory's bounty programs to the bounties that both Google (for the Chrome browser) and Mozilla offer. There has been strong evidence that Google and Mozilla have increased their focus on cash bounties paid to people who find bugs in their applications and platforms, including recent specifics on what they pay out.

ITNews reports:

"Mozilla, developers of the popular Firefox web browser, has paid out US$40,000 in the past month for bugs on its websites and in its apps. Last month, the open-source developer said it would extend its bug bounty program beyond its Firefox browser to include other web tools. The maximum payout is US$3,000 for 'extraordinary' flaws, with high severity bugs earning US$500."

Google has paid substantial bug bounties to those who have found bugs in the Chrome browser too. ThreatPost noted recently:

"Google has released version 8.0.552.237 of its Chrome browser, which includes fixes for 16 security vulnerabilities. The company also paid out more than $14,000 in bug bounties for the flaws fixed in this release, including the first maximum reward of $3133.7."

It's no surprise that companies that know how to do open source are having success with these bug bounties. Commercial companies focused on open source and open source communities at large can benefit from lots of efficiencies that arise from paying the public to debug software. Look for this trend to continue.