From: s1018954@aix2.uottawa.ca
Date: Sat, 14 Oct 95 08:38:11 PDT
To: "Dr. Frederick B. Cohen" <fc@all.net>
Subject: Re: Netscape rewards are an insult
In-Reply-To: <9510141153.AA16412@all.net>
Message-ID: <Pine.3.89.9510141135.A70744-0100000@aix2.uottawa.ca>
MIME-Version: 1.0
Content-Type: text/plain




On Sat, 14 Oct 1995, Dr. Frederick B. Cohen wrote:

> 	The idea that Netscape (like Microsoft) thinks they can get free
> testing services from all over the net by real experts just by offerring
> a tee shirt is down right offensive.

   
THE NETSCAPE BUGS BOUNTY 

(major snip)   
   
   And if the security bug you find is severe as defined by Netscape, and
   hasn't been previously found, and can be reproduced by us, we'll write
   you a check for $1000. 
   
   "Previously Found" means that either an internal tester or someone
   else who doesn't work for Netscape has already reported a bug that
   causes the same defect.

That's a bit more than just a t-shirt. Since they're being open about 
bug finding, it would be reasonable and helpful for them to publish all
discovered bugs to prevent duplication and give people a forum for 
concentrating efforts. 

As for the t-shirts, it'd real nice at job interviews to show up with 
personalized "(insert your name here) cracked netscape, and all I got was 
this lousy t-shirt" signed with netscape's pgp key (and verifiable at 
their soon to appear (hint, hint) "Bug tester's Hall of Fame"). Looks
nice on CV's too.