From: daw@lagos.CS.Berkeley.EDU (David A Wagner)
Date: Sun, 15 Oct 95 15:34:26 PDT
To: cypherpunks@toad.com
Subject: Re: Netscape rewards are an insult
Message-ID: <199510152232.SAA12387@book.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

In article <9510141153.AA16412@all.net>,
Dr. Frederick B. Cohen <fc@all.net> wrote:
> 	The idea that Netscape (like Microsoft) thinks they can get free
> testing services from all over the net by real experts just by offerring
> a tee shirt is down right offensive.

But (amusingly enough) they can get free testing services from this
aspiring student for free just by providing source code.  Hey, it's fun! :-)
I'm no expert, but you get what you pay for. <grin>

[Psst: anyone wanna offer source code to the security modules?]


I do think their ``bug bounty'' system is an improvement -- at least
they're showing some concern for security, and beginning to admit
that outside review of security-critical code is...well...critical.

Still, I do agree that they really oughta be employing true experts
to carefully evaluate their system, if they wanna claim anything about
its security.
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBMIGMAyoZzwIn1bdtAQG98wF9Hr8lU8nXqP50MNwO2SNhsMUg5XhzfcWg
22Tsp8OkYV3F22gUcI6Un1w7peK7ciT5
=hs1A
-----END PGP SIGNATURE-----