BTW blog by Eileen Yu: ZDNet Asia goes global on local. http://tinyurl.com/yd554ql
31 minutes ago by zdnetasia on topsy
We have relaunched: What's new at ZDNet Asia?
ZDNet / News / Software / Story
Mozilla puts bounty on bugs
Summary
String of high-profile browser bugs prompts foundation to offer cash reward to those who uncover security holes.
Events
Microsoft MSDN/Developer Event
25 Mar 2010
One Marina Boulevard, Microsoft Singapore
IT Architect Regional Conference Singapore 2010
20 - 21 Apr 2010
Singapore Management University, Singapore
The Internet Show 2010
21-22 Apr 2010
Suntec Singapore
A string of high-profile flaws in browser software prompted the
Mozilla Foundation to announce on Monday that it would offer US$500 for every serious bug found by security researchers.
The announcement comes a week after the Mozilla Foundation, which directs development of the Mozilla and Firefox browsers and the Thunderbird e-mail client, confirmed that the group's browsers had two serious issues in dealing with digital certificates, the identity cards of the Internet. Last Friday, Microsoft fixed serious vulnerabilities in its Internet Explorer browser, some of which have been widely known since June.
"Recent events illustrate the need for this type of commitment," Mitchell Baker, president of the Mozilla Foundation, said in a statement. "The (program) will help us unearth security issues earlier, allowing our supporters to provide us with a head start on correcting vulnerabilities before they are exploited by malicious hackers."
Linux software maker Linspire and Internet entrepreneur Mark Shuttleworth funded the new initiative, dubbed the Mozilla Security Bug Bounty Program. Linspire seeded the program with US$5,000, and Shuttleworth promised to match the first US$5,000 in public contributions to the program, the foundation stated.
"We (the Mozilla Foundation) are moving into our second year, and we are going back and reviewing all the programs in place that we had in the past and setting priorities for the next year," said Chris Hofmann, director of engineering for the foundation. "Security is an area that we are serious about, and we wanted to get the ball rolling." He added that the foundation will continue to look for more contributors to the program.
Hofmann said that despite the bugs, Mozilla's security is good. Some critics have maintained that Mozilla's software has at least as many vulnerabilities as Microsoft's and that the only difference between the two applications is that Microsoft is more popular, so more security researchers are trying to break it.
"The conventional wisdom is that if Mozilla had the same market share as Microsoft, we would have as many flaws found--we don't see that as the case," Hofmann said.
A representative of Microsoft could not immediately be reached for comment.
Few companies have offered rewards for pinpointing software vulnerabilities, and the rewards have almost always been paid by security companies for flaws in other companies' software products. The rewards are generally used by security companies to gain a competitive edge over rivals by having their products recognize more vulnerabilities. The rewards also convince some would-be intruders to give up some of the tricks in their tool kit for quick cash.
However, a US$500 reward might not be very enticing--a point Hofmann acknowledges. "We don't have any intentions of increasing that amount," he said. "It is mostly a way to thank people who help us further the security of the product."
Microsoft does not give bounties to bug finders but did start a program that has posted three US$250,000 rewards for leads on virus writers.
Currently, the Mozilla Web application--which includes a browser, e-mail, chat program, and Web page editing program--has reached version 1.7. The Mozilla Foundation's Firefox stand-alone browser and Thunderbird e-mail client are close to being complete and are already widely used.
More information on the reward program can be found at The Mozilla Organization's Security Center.
Related stories
Transform your business interactions with real-time voice, video and telepresence solutions.
Tech Vendor: Cisco
Tech Vendor: Cisco
ZDNet Asia Live
HEADLINE: IT Management - IT Infrastructure - Service Level Management ... - http://bit.ly/bW1rqY
1 hour 14 minutes ago by itilpedia on topsy"Social Media Interactive Manager - Jobs - ZDNet Asia" http://bit.ly/b8xLDw
1 hour 31 minutes ago by socialsentiment on topsy"Expert sees cloud billing opportunities for telcos" http://bit.ly/bhqQvG <- down playing metering - the src for billing/capacity/cost/value
1 hour 38 minutes ago by williamlouth on topsyRT @charlesmok: Caller ID spoofing more damaging than e-mail http://ping.fm/0D77z
2 hours 4 minutes ago by makechoice on topsy
[TECH] URL Shorteners slow Web redirection. - http://bit.ly/bySnWK @zdnetasia
20 hours 22 minutes ago by danielcktan on twitter
URL shorteners are great but they can slow web redirection & you pray it would never go down http://bit.ly/bySnWK via @zdnetasia
20 hours 50 minutes ago by angahsin on twitter
Temasek Holdings eyeing tech stocks, indicating optimistic outlook on IT sector. http://bit.ly/aM7VwU
21 hours 19 minutes ago by zdnetasia on twitterURL shorteners slow Web redirection. http://bit.ly/bySnWK
21 hours 19 minutes ago by zdnetasia on twitterChinese agencies cry foul over Google. http://bit.ly/by6rwV
21 hours 25 minutes ago by zdnetasia on twitterPhilippine antipiracy drive focuses on enterprises. http://bit.ly/aWryDC
21 hours 47 minutes ago by zdnetasia on twitterGartner: China to become world's fastest-growing enterprise software market. http://bit.ly/bqJTtb
21 hours 48 minutes ago by zdnetasia on twitterall of sg's isps have been practising compulsory invisible proxy for all home subscribers at their backend since many years back alre...
1 day 43 minutes ago by melvinchia on Web filters mean bad news for businessit is not to good for china.
Proactol
RT @zdnetasia: HP touts new products and management and productivity tools to address business computing pain points. http://bit.ly/dudgA6
1 day 58 minutes ago by LiruChan on twitterFor those with a computer science background, or interested in the high performance computing scene: http://bit.ly/9vFC3i
1 day 24 minutes ago by zdnetasia on twitterHP touts new products and management and productivity tools to address business computing pain points. http://bit.ly/dudgA6
1 day 31 minutes ago by zdnetasia on twitter
** S'pore govt launches traffic Web app. http://www.zdnetasia.com/s-pore-...
1 day 10 minutes ago by juiceliving on twitter
Big up to my peeps at www.ZDNet.com.au (and www.ZDNetasia.com and www.ZDNet.com.uk). Loving the redesign!
1 day 4 minutes ago by randolphramsay on twitter
McAfee steps up cloud assurance - Zd Net Asia.com
http://www.zdnetasia.com/mcafee-...
Interesting take on social analystics. http://www.zdnetasia.com/blogs/w...
1 day 29 minutes ago by zatso on twitterVery good explanation of JMX
2 days 33 minutes ago by Babith B on Managing applications with JMXThe reaction to a report issued Tuesday by Flurry Analytics managed to completely overlook some interesting news--the Android-based Motorola Droid outsold the original iPhone over the same period of time following their respective launches--to focus instead on the sales numbers for the Nexus One.
2 days 37 minutes ago by lonemavericks on diggsAnother ZTE story....
2 days 39 minutes ago by Moderate Your Greed on Philippines opens bid for final 3G licenseWe at www.fifosys.com have also seen a growth in IT outsourcing and anticipate it as a growing field.
2 days 12 minutes ago by sarah Jane on Companies' outsourcing spend to increaseI agree with you. The iSiVaL is super portable and TVs can't expand their image size. I recorded a video that might bring some ideas to...
2 days 42 minutes ago by Jesse B Andersen on Buying a projector? Try an LED TV insteadhermm... he deserved it.. he shud not talk abt sensitive things like tat, well, he shud think twice before saying all those things, event...
2 days 20 minutes ago by ... on Facebook user charged in MalaysiaPassword manager tools are potential security threat. Criminals who hack into the computer can use the password manager to log onto any s...
2 days 21 minutes ago by ohanae on What defaults should random password generators use?I've found the cross platform utility unetbootin to be rather handy for this kind of thing as well.
2 days 55 minutes ago by Jim on Use Live USB Creator to install Fedora 12 from a USB stickThanks for the article. I think the debug command has an "\" after "C:" it should say w32tm /debug /enable /file:C:\l...
2 days 55 minutes ago by Roger Biefer on Manage time accuracy with W32Tmavailable in singapore now
http://www.portablemall.com.sg/goods-71-Microsoft+Zune+HD+32GB+-+Platinum.html
How about just using http://www.random.org/strings/? It is very configurable, satisfies all of the flexibility requirements you have ment...
3 days 37 minutes ago by Varun V Nair on What defaults should random password generators use?Wi-Fi as the "Rodney Dangerfield of wireless", is a catchy metaphor, but it's already been used. In fact, it was the title of a...
3 days 37 minutes ago by Martin Suter on Selina Lo: Wired up for Wi-Fi in AsiaDear Sir/Madam, I am Narasimha Rao.L. From bangalore India , i searching job in abroad , in electronics field, i have 6+ years exp....
4 days 39 minutes ago by Anonymous on Hot tech jobs in SingaporeGood article, computational aspect of acquired knowledge from the social platform is really questionable, given that there are a lot of p...
4 days 45 minutes ago by JN on What will social analytics say about your company?Keep up with ZDNet Asia
Linkedin 
RSS Feeds 
Newsletters 
Twitter Inside ZDNet Asia
Sponsored
The Desktop Virtualization Revolution is here!
Find our more with Citrix Simplicity is Power
2010 IT Salary & Skills Report
Find out the salary range of IT professionals. Join activeTechPros for free access to the report.
The Internet Show 2010, 21-22 Apr 2010, Singapore
FREE admission for visitors who pre-register online. Register Today!
