1995-10-15 - Re: Netscape rewards are an insult

Header Data

From: “Josh M. Osborne” <stripes@va.pubnix.com>
To: fc@all.net (Dr. Frederick B. Cohen)
Message Hash: 83a4e74af2bd956d77130d3cda694a563abd94280dd1c7ac9f017b396e419e5e
Message ID: <MAA21936.199510151600@garotte.va.pubnix.com>
Reply To: <9510141801.AA01730@all.net>
UTC Datetime: 1995-10-15 16:00:44 UTC
Raw Date: Sun, 15 Oct 95 09:00:44 PDT

Raw message

From: "Josh M. Osborne" <stripes@va.pubnix.com>
Date: Sun, 15 Oct 95 09:00:44 PDT
To: fc@all.net (Dr. Frederick B. Cohen)
Subject: Re: Netscape rewards are an insult
In-Reply-To: <9510141801.AA01730@all.net>
Message-ID: <MAA21936.199510151600@garotte.va.pubnix.com>
MIME-Version: 1.0
Content-Type: text/plain


In message <9510141801.AA01730@all.net>, Dr. Frederick B. Cohen writes:
[...]
>The $25K is a trivial amount for finding such a hole in a product that
>is supposed to secure billions of dollars worth of electronic funds
>transfers.  If the bad guys find a hole, it could easily cost millions. 
>If you don't believe me, look at the statistics for other holes in the
>credit card and telecommunications businesses.  The losses are in the
>billions each year. 
[...]

Note well: Netscape is offering this reward for finding bugs in *beta*
release code.  In other words the code that they *know* crashes, code
that they suspect has security related bugs, code that they don't think
is (yet) good enough to charge a measly $40 for!

If they don't get buried in bad press for this, I would guess that they
may have a different program with a different set reward for finding bugs
in their for-sale version.  Or not.  After all I suspect that like most
other places they are more interested in making the next product the best
in the world than making the last one "as good as the box says".

Besides nobody said you have to report your bugs to Netscape just because
they gave you free software and offered some sort of reward for finding
bugs.  If you don't think the "pay" (including the possibility of having
the software fixed) is high enough, don't report the bugs.




