What kinds of expansions would you like to see to our bug bounty program? https://www.mozilla.org/en-US/security/bug-bounty/ …
@BRIAN_____ Where would we get the cash for 10x? Earmarked donations? A government program to match bounty payouts?
@jruderman Also, preventive measures should reduce # of bugs. Harder to find bugs -> higher pay needed. Fewer bugs -> more money available.
@BRIAN_____ Is the idea that increased bounties would force us to invest more in preventative measures? Or that they're already on the way?
@jruderman That's one way to put it. Having bounty payouts cheap relative to preventive measures leads to bad/counterproductive decisions.
@mozsec By "100% of the code," I mean all of Gecko, Gonk, and Gaia, including in particular all of the AOSP code used.
@BRIAN_____ @mozsec Doing something about FxOS's current disclose-never policy would also be good. Unfortunately, involves phone companies.
@xlerb As soon as a phone's OS version goes out of Mozilla support, it should drop all “Firefox” branding and start calling itself “B2G”
@jruderman @xlerb and we make the carriers do that how?