Mozilla has increased the bug bounty it pays to security researchers or users who report security flaws to it from $500 to $3,000. Lucas Adamski, Director of Security Engineering did however note that Mozilla reserves the right to disqualify payment for bugs if the "reporter has been deemed to have acted against the best interests of our users." While specific examples weren't quoted, there is nothing to indicate that Mozilla has modified its stance on public security disclosure either.

While the increase in payment might seem like a lot, the payout might not necessarily mean much profit given the amount of work that is required. Notably, there is no way that Mozilla can compete with the black market for such exploits, which can reach $40,000 for a zero-day vulnerability that does not require any actions from users. Then again, this is most certainly a welcome step, considering that few organizations even offer payouts in the first place.

For more on this story:
- check out this article at InformationWeek
- check out this article at PCMag

Related Articles:
Security vulnerabilities continue to inundate software vendors
Microsoft to patch XP Help hole, four other vulnerabilities next Tuesday
Microsoft confirms critical Windows XP bug, recommends workaround
Adobe warns vulnerability could crash systems
WiFi key-cracking kits being sold in China