From: daw@lagos.CS.Berkeley.EDU (David A Wagner)
To: cypherpunks@toad.com
Message Hash: 37afb9493d0dd36b67bb4cd3163e0cbef238e784ea87cc39ea916256511d0cad
Message ID: <199510152232.SAA12387@book.hks.net>
Reply To: N/A
UTC Datetime: 1995-10-15 22:34:26 UTC
Raw Date: Sun, 15 Oct 95 15:34:26 PDT
From: daw@lagos.CS.Berkeley.EDU (David A Wagner)
Date: Sun, 15 Oct 95 15:34:26 PDT
To: cypherpunks@toad.com
Subject: Re: Netscape rewards are an insult
Message-ID: <199510152232.SAA12387@book.hks.net>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
In article <9510141153.AA16412@all.net>,
Dr. Frederick B. Cohen <fc@all.net> wrote:
> The idea that Netscape (like Microsoft) thinks they can get free
> testing services from all over the net by real experts just by offerring
> a tee shirt is down right offensive.
But (amusingly enough) they can get free testing services from this
aspiring student for free just by providing source code. Hey, it's fun! :-)
I'm no expert, but you get what you pay for. <grin>
[Psst: anyone wanna offer source code to the security modules?]
I do think their ``bug bounty'' system is an improvement -- at least
they're showing some concern for security, and beginning to admit
that outside review of security-critical code is...well...critical.
Still, I do agree that they really oughta be employing true experts
to carefully evaluate their system, if they wanna claim anything about
its security.
- ---
[This message has been signed by an auto-signing service. A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service
iQBFAwUBMIGMAyoZzwIn1bdtAQG98wF9Hr8lU8nXqP50MNwO2SNhsMUg5XhzfcWg
22Tsp8OkYV3F22gUcI6Un1w7peK7ciT5
=hs1A
-----END PGP SIGNATURE-----
Return to October 1995
Return to “Jeff Weinstein <jsw@netscape.com>”