Mozilla is increasing the amount it pays security researchers for bugs from $500 up to $3,000. I personally think that's a very good thing. There has long been a debate about whether or not vendors should pay for security flaws. In my view, the flaws are going to be discovered whether or not a vendor is paying for them. The question is how they will be disclosed and whether or not those flaws will end up putting millions of users at risk - or not. By paying for flaws, what Mozilla is doing is providing an economic model for both security researchers and for itself. For security researchers, a $3,000 payment is not an unreasonable sum in my view and it's more than the $1,337 that Google pays. HP's TippingPoint also pays for security flaws as well though they seem to have a floating scale on payments as far as I can tell.

The link for this article located at Internet News is no longer available.