From: John Lull <lull@acm.org>
To: cmcmanis@scndprsn.Eng.Sun.COM (Chuck McManis)
Message Hash: 389e97e6ef55468a1608389e9f75dfc2dc0e673c4750add4b32d01d20f48fe14
Message ID: <199510101714.KAA07329@ix2.ix.netcom.com>
Reply To: <9510100030.AA29195@pepper.Eng.Sun.COM>
UTC Datetime: 1995-10-10 17:14:09 UTC
Raw Date: Tue, 10 Oct 95 10:14:09 PDT
From: John Lull <lull@acm.org>
Date: Tue, 10 Oct 95 10:14:09 PDT
To: cmcmanis@scndprsn.Eng.Sun.COM (Chuck McManis)
Subject: Re: java security concerns
In-Reply-To: <9510100030.AA29195@pepper.Eng.Sun.COM>
Message-ID: <199510101714.KAA07329@ix2.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
On Mon, 09 Oct 1995 17:30:38 -0700, cmcmanis@scndprsn.Eng.Sun.COM
(Chuck McManis) wrote:
> >By the way, I suggest that Sun should offer a large money prize for
> >the first significant security hole found the Java implementation. Its
> >a tiny price to pay for security.
>
> I don't think the lawyers would let us.
Pardon my French, but if your lawyers make it impossible to do
technical work correctly, isn't it time to get new lawyers? I can't
see how offering a reward for reporting bugs could possibly be
objectionable to any rational lawyer.
This can be a VERY useful (and very inexpensive) debugging technique.
Didn't Knuth offer a cash reward to the first person to find each typo
in his "Fundamental Algorithms" series -- and then doubled the amount
each year?
It can also be a very useful teaching tool, in that it encourages
users to explore little-used corners of a system.
I applaud any company that has the guts to do it.
Return to October 1995
Return to “sameer <sameer@c2.org>”