Mozilla, Google Pay Top Dollar for White Hat Hackers

Dennis Faas's picture

Mozilla and Google have taken an interesting approach to ensuring that flaws, bugs and other problems associated with their Internet browsers are reported in a timely manner.

The two companies are paying outside researchers as added motivation, in the belief that attaching a bonus to their efforts will make more individuals willing to spend time discovering new errors.

Not All Researchers Financially Motivated

Microsoft employees need not get too excited with the news, as company representatives announced that no such bonuses will be given to their researchers.

According to Mike Reavey, director of the Microsoft Security Research Center, "We don't think (bug bounties) are the best way for us to compensate researchers." The reason Microsoft would not be following the lead of Mozilla and Google: "Not all researchers are financially motivated."

Not surprisingly, Microsoft researchers tend to disagree with these sentiments. Security vendors, including those employed by Microsoft, claim that while profits inspire most hackers to peddle their malware, there might be some merit in using profits as a driving force behind taking down this same malware.

Security Research: Time Versus White Hat Hackery

Consider the time and money security vendors save Microsoft when investigating a problem. In the long run, the services offered are far more valuable than the money being given out as "bug bonuses". The individuals who find these types of bugs are referred to as "White Hat Hackers" -- those who hack for the good of people rather than out of malevolence.

Reavey continued to defend Microsoft, however, claiming that the company rewards their researchers in other ways: most notably, by offering employment opportunities for researchers as contractors and members of their security team.

Said Reavey, "There are lots of ways we work with the (researcher) community that don't involve handing out money directly."

Big Bucks for Bug Detection

While it can be argued that Microsoft-employed researchers should be content with what they already have, few can ignore the natural instinct to see what the competition has to offer. Last week, Mozilla increased Firefox bounties for bugs rated "critical" and "high" to $3,000. A few days later, Google upped the ante to $3,133 for those who reported Chrome-based flaws.
