zen-parse wrote: > Last Stage of Delirium wrote: > >> Netscape seems to be another American company that does not seem to >> be fulfilling public obligations > > [...] > No reply received yet regarding money. > [...] > In case people haven't noticed yet, Open Source is not more secure. You seem to complain mostly about the lack of payment from Netscape. The bug bounty is offered by Netscape for the Netscape browser (which is not fully Open Source) under terms set forth by Netscape alone. While your anger is fully understandable (I don't know, if it's justified or not), it has nothing to do with the publicized security bug policy of mozilla.org [1]. Please report bugs to mozilla.org directly. If you do that, you (as bug finder) are in charge of the terms and you can threaten the developers with full disclosure on bugtraq. If you plan to do that, please do it from the beginning. You are of course welcome to report the bugs to the Beonex project [2], and we will then handle the reporting and tracking. Beonex has an even more open stance than mozilla.org. Ben Bucksch Beonex [1] <http://www.mozilla.org/projects/security/security-bugs-policy.html> Quote: "Anyone who believes they have found a Mozilla-related security vulnerability can and should report it by sending email to the address securityat_private For more information read the rest of this document. [...] The original reporter of a security bug may decide when that bug report will be made public [...]" [2] <http://www.beonex.com>
This archive was generated by hypermail 2b30 : Mon Dec 02 2002 - 10:05:21 PST