Comments on: Bug hunter gets bounty from Mozilla
A Firefox guru receives a $2,500 reward for finding flaws in Mozilla's browser.
- Who are they kidding?
- by Bill Dautrive April 2, 2005 12:31 PM PST
- "A representative for Microsoft said: "We don't pay people to fix bugs, but there are other ways we try to fix security as much as possible. But we can't comment on what Mozilla does.""
- Since you are in the know...
- by David Arbogast April 3, 2005 12:20 PM PDT
- You sound as if you are familiar with MS software testing processes. Since you know so much about their process for finding bugs, why don't you clue the rest of us in?
Microsoft relies on third parties to find their bugs, then quite often trashes them for doing it or just denies that the flaw exists for a few months.
If MS paid $500 per bug found by third parties they would have gone out of business around 2000.
Microsoft has people on SALARY who fix bugs. Customers and partners are happy to evaluate Betas because they have large-scale deployments of Windows and it is in their interest to test in their environment before implementing. It is nice that MS will let partners test software before it is finished, and it is great that partners want to test.
In contrast, Mozilla had to offer $500 for each bug found... as incentive. Without the cash, would those bugs have been found this year? Next year? Who knows. The article states that one such bug is as old as earlier versions of Netscape.
What would be interesting would be to find out how long it took this guy to find those bugs. At $500 per bug, it would be a waste of time for a good developer to spend more than 6 to 10 hours on a bug. That is... if you are trying to make a living in a world where software companies actually pay salary and benefits for people to do this full time... $500 sounds pretty cheap to me.