SkullandChains Report This Comment Date: October 22, 2010 09:12PM
It's safe to say a typical Willow Glen 12-year-old doesn't earn $3,000 for a
couple of weeks' worth of work. Then again, Alex Miller is no typical
12-year-old.
Alex is a bug hunter, but the bugs he's uncovering are unlikely to end up in any
entomological reference book. Instead, the bug Alex found was a valid critical
security flaw buried in the Firefox web browser. For his discovery, he was
rewarded a bug bounty of $3,000 by Mozilla, the parent company of Firefox.
Alex knows the value of bug bounties; he knows what other companies are
offering, so when Mozilla upped its bug bounty from $500, he was motivated.
"A couple months ago we increased the amount of payment to a much more
substantial $3,000, basically to reflect the change in the economy, and the
marketplace, since the time the program was initiated," says Brandon
Sterne, security program manager at Mozilla.
A Firefox loyalist, the University Prep Academy seventh-grader began his
diligent search in the bowels of the browser for a bug that would qualify for
the bounty.
He found something in an initial search and sent in a bug report, but it wasn't
the right type of bug to qualify for the big bucks. Alex returned to the
computer and his exploration. By Alex's estimation he spent about 90 minutes
each day for about 10 days until he spotted it--a flaw in the memory of the
running program.
There might have been dancing and some whooping at that point, he says.
Could it have been this easy, could anyone have found this bug?
"Absolutely not," says Sterne. "The space of people that are
contributing in this area is pretty small. This is a very niche technical
area."
Mozilla is a nonprofit, open source project with products such as web browser
Firefox, and calendar projects such as Lightning and Sunbird.
"Mozilla depends on contributors like these for our very, sort of,
survival. Mozilla is a community mostly of volunteers. We really encourage
people to get involved in the community. You don't have to be a brilliant
12-year-old to do that," he says.
Alex is virtually self-taught, says his mother, Elissa Miller. Reading his
parents' very technical books is not an assignment, it's something he just does;
and he understands them. He has a "gift for the technical," Elissa
says.
While some may contend that Alex spends too much time on the computer, Miller is
quick to point out that he's not just playing games; what Alex is doing is
learning.
"Clearly it's his passion," she says.
Alex has other interests, such as badminton and guitar. He's also learning
Mandarin. And a smile breaks across his face as he recalls a quest to build a
deadly robot in the Science Olympiad.
He can talk politics like a 40-year-old who's hooked on NPR news shows and
enjoys a good debate. But there are reminders that he isn't yet old enough to
vote.
"But you still have to do chores," Miller reminds him when he talks of
his next debugging mission.
Until he produced a copy of the check from Mozilla, Alex says his friends didn't
actually believe him when he told them about the money.
His declaration that he was "really, really, really, really, really
happy," when the check came in the mail hints at his youthful
exuberance.
Spending the first $100 didn't take long; he made a donation to his neighbor's
nonprofit organization, Unconditional Love Animal Rescue, which the Miller
family also supports by fostering found kittens.
He very much wants a new computer, and since he says he's been pretty bad about
it in the past, he plans yo buy Christmas gifts for his family. The rest will
stay put in the bank, where, if Alex gets his way, it will be joined by more bug
bounty.
PrOpHeT Report This Comment Date: October 22, 2010 10:45PM
The price on the underground market is higher, make it a habit and you can get
on payroll.
Paying parties are everyone from your own feds to Russian drug lords.
Kid will learn, and then no one will remember his name.
Edit: Smelling pistake, and to remove the smiley translation...
[
www.IfYouSeekAU.com]
Edited 2 time(s). Last edit at 22/10/2010 10:48PM by PrOpHeT.