Suspected PayPal Hackers Seek Deal To Stay Out Of Prison
Scripps Employees Called 'Hackers' For Exposing Massive Security Flaw
Mozilla pays 12-year-old $3000 for finding critical vulnerability in Firefox
Alex Miller, a 12-year-old from San Jose, California, just cashed a $3000 check for finding a buffer overflow bug in 'document.write'.The bug, which was was one the major security vulnerabilities fixed in this week's releases of Firefox 3.6.11 and 3.5.14, was discovered by Alex after spending 'about 90 minutes each day for 10 days'. In other words, he pored through code for 15 hours and made $3000, or $200 per hour. Not bad for a 12-year-old!
If you want to get in on the bug bounty hunting action -- because let's face it, if a kid can find a bug in 15 hours, an adult could do it much faster -- just head on over to Mozilla Developer Central. Check out the Firefox source and start looking!
Comments
13
Subscribe to commentsAlyssaaOct 22nd 2010 3:47PM
Isn't Mozilla a non-profit foundation?
Sebastian AnthonyOct 22nd 2010 3:49PM
Yes... that's why they have to give all their money to kids before the end of the tax year :P
Dr_whiteOct 22nd 2010 4:04PM
[i]if a kid can find a bug in 15 hours, an adult could do it much faster[/i]
Actually..kids have more energy than any adult and the intelligent ones (esp. when motivated) can have insane focus on a task. And since he's clearly quite smart, he probably blows through the homework leaving lots of time to do stuff like this. I think the real story here is that a 12-yr old knows this much about code. Seems pretty remarkable, even though he lives a stone's throw from Silicon Valley - probably teethed on UNIX manuals.
Sebastian AnthonyOct 22nd 2010 4:13PM
I was kidding; sorry if it wasn't clear :)
The kid reminds me of myself!
polobunnyOct 22nd 2010 11:36PM
@Sebastian
Just a bit more productive. Blogs are so last century. ;D
rbOct 22nd 2010 4:40PM
way to go kiddo :}
JimiisamaOct 22nd 2010 4:31PM
New Headline: Mozilla spends $3000 on publicity stunt
pristy.siteOct 23rd 2010 6:56AM
The important thing is that the code was fixed and that's all there is, open code wins here.
SilverWaveOct 23rd 2010 4:46AM
Good for him :-)
WonderCsaboOct 23rd 2010 5:32PM
Guys, Mozilla pays 3000 dollar for every found critical vulnerability. Google does the same way for Chrome.
http://arstechnica.com/security/news/2010/07/mozilla-ups-bounty-for-reporting-vulnerabilities-to-3000.ars
quantumheaddOct 24th 2010 2:14AM
Good on him, but I think the title of "security researcher" is a bit rich for someone his age.
SingapuraOct 25th 2010 2:18AM
[quote]if a kid can find a bug in 15 hours, an adult could do it much faster -[/quote]
Age discrimination! My 1 year old son can switch my iPad on and start up Youtube faster then I can.
Sebastian AnthonyOct 25th 2010 5:54AM
Your fingers grow slow, old man!