Do Pwn2Own Results Suggest That Firefox Is Insecure?

If you think Firefox is secure, you may want to think again. At Pwn2Own this year, every major browser was exploited at least once. But Firefox was exploited the most. Why is that? I’ll let Sid Stamm, senior engineering manager of security and privacy at Mozilla, tell you:

“Pwn2Own offers very large financial incentives to researchers to expose vulnerabilities, and that may have contributed in part to the researchers’ decision to wait until now to share their work and help protect Firefox users,” Stamm said. “Mozilla also offers financial rewards in our bug bounty program, and this program’s success has inspired other companies to follow suit.” 

Perhaps that’s true. Mozilla now pays researchers only $3,000 per vulnerability. Someone who finds a bug at Pwn2Own gets $50,000. Having said that, here’s something to consider. Could it be that Firefox is simply insecure and Mozilla really needs to step up their game? Perhaps. Mozilla is going to rapidly fix anything that was exploited at Pwn2Own, but you can bet that a whole lot of people are going to look at Firefox a whole lot closer for anything that they can exploit. And some of them will be interested in crime and not scoring a bounty from Mozilla.

So is Firefox insecure? We’ll find out soon enough.
