Linked by Anthony Haywood on Wed 5th Jan 2011 15:44 UTC
Privacy, Security, Encryption In the last year there have been a number of organisations offering rewards, or 'bounty' programs, for discovering and reporting bugs in applications. Mozilla currently offers up to $3,000 for crucial or high bug identification, Google pays out $1,337 for flaws in its software and Deutsche Post is currently sifting through applications from 'ethical' hackers to approve teams who will go head to head and compete for its Security Cup in October. The winning team can hold aloft the trophy if they find vulnerabilities in its new online secure messaging service β€" that's comforting to current users. So, are these incentives the best way to make sure your applications are secure?
Permalink for comment 456083
To read all comments associated with this story, please click here.
appfuzz
by xaeropower on Thu 6th Jan 2011 01:05 UTC
xaeropower
Member since:
2005-12-16

So, are these incentives the best way to make sure your applications are secure?
Yes. Whats your problem with it? at least poor russians & ukrainians have other opportunities to make money. I bet they sending in most of the bug reports.

The link missing from the article however theres a unicode char ΓΆΒ€" ;)

Anyway most of the people who pentesting and fuzzing apps for bugs would agree that the 1-3k offers are low prices especially from those big companies.

See where your money goes if you donate https://donate.mozilla.org/page/contribute/openwebfund

$75.00 - T-Shirt and dino plush toy please! ;)

Reply Score: 2