At 11:28 AM 10/18/01 -0700, Don Weber wrote: >say 25000$ in a trust fund which has a panel of lets say 20 judges from the >security industry, then after money is confirmed deposited to fund, hacker >tells company what the problem is, company writes/releases patch, panel of >Judges then read the reports on do whatever testing they themselves think >necessary, and as a result vote on how much of the 25k is awarded to the What about freeware? GPL? and other? How those person are suppose to give 25k to a hacker? Just think of OpenBSD or any other free OS. If you ever find a security problem in OpenBSD I'm sure they'll be happy to fix it quite quick. But I don't see how they'll be able to pay you... I don't think seling OpenBSD and OpenSSH t-shirts give them a lot of money. Same thing with the people who write .cgi or other web goodies. They do that in there spare time and share it with the comunity to save you the time they took to build their products. Still I realy don't understand how those person would be able to pay you money for a bug. Another thing is: Where they are suppose to find the money to hire 20 judges? For what I understand your mail was aiming mostly at M$. I'm not a M$ fan, but I don't belive it will be faire that they have to pay if other don't just beacause they have a more money. Just my .02¢
This archive was generated by hypermail 2b30 : Thu Oct 18 2001 - 13:40:54 PDT