Linked by Anthony Haywood on Wed 5th Jan 2011 15:44 UTC
Privacy, Security, Encryption

In the last year there have been a number of organisations offering rewards, or 'bounty' programs, for discovering and reporting bugs in applications. Mozilla currently offers up to $3,000 for crucial or high bug identification, Google pays out $1,337 for flaws in its software and Deutsche Post is currently sifting through applications from 'ethical' hackers to approve teams who will go head to head and compete for its Security Cup in October. The winning team can hold aloft the trophy if they find vulnerabilities in its new online secure messaging service; that's comforting to current users. So, are these incentives the best way to make sure your applications are secure?
Thread beginning with comment 456083
appfuzz
by xaeropower on Thu 6th Jan 2011 01:05 UTC (member since 2005-12-16)

So, are these incentives the best way to make sure your applications are secure?
Yes. What's your problem with it? At least poor Russians & Ukrainians have other opportunities to make money. I bet they send in most of the bug reports.

The link is missing from the article, however there's a unicode char ΓΆΒ€" ;)

Anyway, most of the people who pentest and fuzz apps for bugs would agree that the 1-3k offers are low prices, especially from those big companies.

See where your money goes if you donate: https://donate.mozilla.org/page/contribute/openwebfund

$75.00 - T-Shirt and dino plush toy please! ;)

Reply Score: 2

RE: appfuzz
by vodoomoth on Thu 6th Jan 2011 10:10 in reply to "appfuzz" (member since 2010-03-30)

Anyway, most of the people who pentest and fuzz apps for bugs would agree that the 1-3k offers are low prices, especially from those big companies.

I wouldn't say that, because I think that in large software like those mentioned in the article, the number of bugs may be large as well. Yes, the ratio of time spent (or personal investment) over money isn't favorable, and I certainly wouldn't participate in these "bug hunts", but from the companies' perspective, it is risky. And yes, I am not one of the people you are referring to.

Reply Parent Score: 3