[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Netscape rewards are an insult

David A Wagner wrote:
> I do think their ``bug bounty'' system is an improvement -- at least
> they're showing some concern for security, and beginning to admit
> that outside review of security-critical code is...well...critical.

  The whole bug bounty thing is an experiment.  We have no idea how
valuable it will be, but we thought it would be worth trying.  As we
gain more experience with it, we will probably evolve it.

> Still, I do agree that they really oughta be employing true experts
> to carefully evaluate their system, if they wanna claim anything about
> its security.

  We are doing that to.  We are paying outside consultants to review
everything related to security.


Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
[email protected] - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.