Tells you who is more serious about security. A quarter of $1M is a fair price for this type of bug.

Won't complain about that.

Just like you personally obviously don't care about your personal security when you do not pay a team of bodyguards 250k a year.

> Tells you who is more serious about security.

Yup, clearly Mozilla.

$250k is loose change for Google.

Really doesn't tell me piss all, as I'm not privy to their respective overall cash flow. Are you, considering you say it does for you?

Is monetary expenditure on vulnerability payouts really the primary determinant of who's taking security more seriously, by the way? Sounds a bit backwards to me.

What I call backwards is Mozilla paying their executives multi-millions of dollars for failure and the decline of Firefox.

Maybe had they run the company competently, they could afford to pay their engineers and offer larger bounties instead.

> Is monetary expenditure on vulnerability payouts really the primary determinant of who's taking security more seriously.

Many such researchers would rather sell their 0day to the black market if the effort + price offered is too low and not worth it. It is up to the vendor (Mozilla) to set a fair price to prevent that exploit from reaching the black market for a much higher price.

So given all the above, Mozilla is not serious.