August 03, 2004

Mozilla Security Bug Bounty Program

Now here is something interesting.

Mozilla is offering $500 USD and a free t-shirt to anyone who reports critical security bugs. They are calling this their Mozilla Security Bug Bounty Program. With some donations from Linspire and Mark Shuttleworth, Mozilla is offering this program for any of the STABLE release end-user software (i.e., Firefox, Thunderbird, Mozilla).

It is an interesting idea. And it puts their money where their mouth is. I wasn't too sure about the program when I first heard about it, but after taking a glance at the Security Bug Bounty Program FAQ I am convinced it could work.

Only question is, I am curious how they deal with conflict resolution. What if two people report the same bug, but with different test cases? What if the bug exposed two different threats? I'm glad I am not on the committee that has to decide that.

Wonder if other software companies would ever do this. Hmmm.... hey Bill I know what you can do with those Billions!!!!

Posted by SilverStr at August 3, 2004 07:40 AM