With Open Source Bug Bounties, 12-Year-Olds Can Win Too

by Ostatic Staff - Oct. 25, 2010

We've written before about bug bounties--cash prizes offered by open source communities to anyone who finds key software bugs--ranging from FOSS Factory's bounty programs to the bounties that both Google (for the Chrome browser) and Mozilla offer. As we've noted, commercial companies focused on open source and open source communities at large can benefit from lots of efficiencies that arise from paying the public to debug software. In the latest example of the fact that "the public" in this context means absolutely anyone, 12-year-old tech whiz Alex Miller, who hails from San Jose, right in the middle of Silicon Valley, has just received a $3,000 check from Mozilla for finding a major bug in the Firefox browser.

According to Geek.com:

"Mozilla recently increased the bounty for finding such bugs from $500 to $3,000 in an attempt to make it more worthwhile for people to spend their time looking for them. Alex set about tracking down any bug he could with 90 minute sessions each day. The first bug he submitted did not qualify for the reward, but 10 more days of hunting located a critical security flaw and the check was in the post."

Should a 12-year-old be able to win a check like this for debugging an open source application that millions of people use? Absolutely. And the open source community far and wide should wake up to the power of these bug-finding bounty programs. Google has leveraged these programs for years, very successfully.

Mobile open source company Funambol is just one of the commercial companies that successfully leverages bug bounty programs, as Stormy Peters noted in this post. Funambol has even hired some of the young bug hunters it has come across through its bounty program. Who knows, maybe the future for Alex Miller lies at a company like Mozilla or Funambol.