On Thu, 27 Jan 2000, Eric Murray wrote:
> Netscape used to have a similar policy. I believe
> that they called it "bugs bounty". They also posted security bug
> fixes for public review (i.e. the random number bug).
Yep, they sure did. I won one of the $1000 ones. They had some paperwork
probl
On Thu, Jan 27, 2000 at 10:31:46AM -0800, Ed Gerck wrote:
> I can imagine a company writing, for the benefit of all:
>
> We support open assessment of risks -- if you find a security fault
> in our systems, please tell us first so that we can fix it first. We commit
> ourselves to making publ
Ted Lemon wrote:
> Ed Gerck wrote [reinserted for context]:
>
> >In fact, if there would be a pre-defined reward for those that find holes
> >in today's increasing electronic and "secure" systems then companies
> >could rely on that reward both as a payment cap and as a way to separate
> >rewar
> Comments?
I think your proposal is not entirely unreasonable, although I wonder
if the people who have the most interest in a secure system are not
the banks, but the insurance companies and the customers. My
impression of banks is that as long as they can quantify the potential
loss, they c
Ted Lemon wrote:
> Amateurs in the crypto world seem to get bitten by this fairly
> frequently - read the recent transcripts to the New York preliminary
> injunction on the DeCSS case for supporting evidence. If you're out
> to prove a point, and you're riding the fine edge of legality and
> ci
> It is fun to read http://www.msnbc.com/msn/361936.asp especially at
> the end, because if "This isn't even small potatoes; it's no more
> than sprouts." -- then, while the hassle, prison and fine?
Well, he did try to extort money from the banks. I think this was
really the problem with what
List:
It is fun to read http://www.msnbc.com/msn/361936.asp
especially at the end, because if "This isn't even small
potatoes; it's no more than sprouts." -- then, while the
hassle, prison and fine?
The conclusion seems to be ... prove me wrong, go
to jail. Of course