[mccr8]

The incentive is that Mozilla will pay you thousands of dollars if you find a security bug: https://www.mozilla.org/en-US/security/client-bug-bounty/

We have many outside contributors who have successfully submitted security bugs and received payments.