For about the past six years, Mozilla has been putting cash bounties on bugs, and more recently, the open-source company upped the reward from $500 to $3,000. Not a bad score for researchers who make it their business to hunt down bugs and turn them in, but for some, it's not about the money.
In fact, roughly 10-15 percent of the serious security flaws reported to Mozilla since the cash bounty program was first offered have been provided at no cost.
"A lot of people would say, 'Don't worry about it. Donate it to the EFF (Electronic Frontier Foundation) or just me a T-shirt,'" said Jonathan Nightingale, Development Director, Firefox, in a recent interview.
Turning down the cash for reporting clunky browser behavior is made even more impressive considering these bugs can sometimes fetch even more money in the underground market. Cyber crooks are always on the lookout for rogue software to infect people's machines, and Mozilla's cash bounty is an attempt to counter this practice.
"In North America, $3,000 is not nothing," Nightingale added. "But in a lot of the world, $3,000 is a big deal, and our contributors come from lots of places."

Government to persevere with browser despite high-profile vulnerabilities and advice from France and Germany
The government has ruled out scrapping the use of Internet Explorer 6 on department computers, saying it will persevere with the bullet-riddled browser despite its high-profile vulnerabilities.
Responding to an online petition with more than 6,000 signatures urging government departments to upgrade away from IE6, the government said such a move would be "a very large operation" potentially at "significant potential cost to the taxpayer".
"It is therefore more cost-effective in many cases to continue to use IE6 and rely on other measures, such as firewalls and malware-scanning software, to further protect public sector internet users," reads the statement.
The petition, set up by Dan Frydman, director of Inigo Media, launched the day after Google announced it would be phasing out support for the Microsoft browser after the company's corporate network was broken into by Chinese hackers using a vulnerability in IE6. The (pre-election) cabinet office signalled its intention to stick with IE6 in January this year, despite governments in both France and Germany advising people to stop using it.
Frydman responded to today's government decision on his blog, expressing disappointment that the possibility of an upgrade across any department was ruled out so off-handedly. "What I was looking for was a recommendation to upgrade away from IE6," he says. "A recommendation isn't hard, it's cheap and easy and isn't an admission of guilt. It puts the onus on the government departments to modernise, to innovate and to take care of [on] their own.
"There's not a chance that we can always get what we want. Sometimes we just need to get what we can. Recommending the move would have been great. Not recommending it is short-sighted and diminishes ambition just at the time when we need it."
Microsoft tried to downplay the shortcomings of IE6 security on its blog back in January, days before releasing a patch to solve the issue. In the meantime, the Twittersphere is keeping the heat on the browser nearing its 10th anniversary.