MOZILLA FOUNDATION ANNOUNCES SECURITY BUG BOUNTY PROGRAM
Program harnesses power of the open source community to identify security vulnerabilities before they are exploited
MOUNTAIN VIEW, Calif. - August 2, 2004 - The Mozilla Foundation today announced the Mozilla Security Bug Bounty Program, an initiative that rewards users who identify and report security vulnerabilities in the open source project's software. Under the new program, users reporting critical security bugs - as judged by the Mozilla Foundation staff - will collect a $500 cash prize. The new initiative was launched with funding from leading Linux software developer Linspire, Inc., and renowned Internet entrepreneur Mark Shuttleworth.
"As Mozilla software builds momentum in the marketplace, I'm inspired by the Mozilla Foundation's enduring commitment to transparency and responsiveness on security issues, and I am happy to support this program," commented Mark Shuttleworth.
Identifying software security vulnerabilities requires constant vigilance, and preventing those issues from becoming problems necessitates a dedicated effort to provide quick and effective responses. The Mozilla project has developed a community of users and developers who are passionate about computer security and who continuously provide feedback on Mozilla software. The Mozilla Security Bug Bounty Program seeks to further encourage the community's focus on security consciousness and responsiveness.
"This program reflects our commitment to protecting consumers from malicious actors," commented Mitchell Baker, President of the Mozilla Foundation. "Recent events illustrate the need for this type of commitment. While no software is immune from security vulnerabilities, bugs in open source projects are often identified and fixed more quickly. The Security Bug Bounty Program will help us unearth security issues earlier, allowing our supporters to provide us with a head start on correcting vulnerabilities before they are exploited by malicious hackers."
Security experts agree that it is virtually impossible to produce
software that is absolutely secure against all possible attacks.
As a result, experts recommend that software combine a strong security
design and good security practices to maximize the amount of protection
available. The Mozilla Security Bug Bounty Program provides an
additional mechanism for identifying potential vulnerabilities.
"Worry-free security on the Internet is long overdue and we're committed to supporting the Mozilla Foundation's efforts to give users peace of mind," said Michael Robertson, Chief Executive Officer of Linspire, Inc. "We strongly urge the open source community to take advantage of this initiative to help identify and report any security problems for correction."
Linspire, Inc., and Mark Shuttleworth have issued seed funding to support this initiative, to be supplemented by donations from Mozilla supporters. The Mozilla Foundation is inviting its users and supporters to contribute to this initiative by making donations to the bounty's fund. Tax-deductible contributions can be made through http://www.mozilla.org/foundation/donate.html. The first $5,000 in community contributions will be matched dollar for dollar by Mark Shuttleworth.
Users who identify security bugs in Mozilla software are encouraged to go to http://www.mozilla.org/security, which links to information about which bugs are eligible and how to claim the bounty.
About the Mozilla Foundation
Established in July 2003 with start-up support from America Online's Netscape division, the Mozilla Foundation exists to provide organizational, legal, and financial support for the Mozilla open source software project. The Foundation is based in Mountain View, California and is the heir to the great legacy and tradition of the Internet's first widely used browser, Netscape.
Mozilla Firefox, the Mozilla Foundation's next generation web browser, and Mozilla Thunderbird, the foundation's new email application, along with the Mozilla 1.7 Internet suite, are riding a wave of industry support, with the most recent release of Mozilla Firefox, version 0.9, downloaded more than one million times within 10 days after its release.
Supporting Mozilla
Individuals and companies from around the world support the Mozilla Foundation through voluntary contributions of time, money and resources. To discover how you or your company can join in and help support Mozilla, please send mail to donations@mozilla.org.
PRESS CONTACTS:
- Steve Kerns, 415-321-1891
- Colin Crook, 415-321-1887
- press@mozilla.org
For the latest Mozilla-related news and commentary, support and discussion, please visit MozillaZine, the largest independent Mozilla news and support site on the web.