On Tue, 10 Oct 1995, John Lull wrote:
On Mon, 09 Oct 1995 17:30:38 -0700, cmcmanis@scndprsn.Eng.Sun.COM (Chuck McManis) wrote:
By the way, I suggest that Sun should offer a large money prize for the first significant security hole found the Java implementation. Its a tiny price to pay for security.
I don't think the lawyers would let us. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ I think this means they didn't ask. If they did, perhaps the problem is their ability to say with a straight face that their product is "secure" while at the same time running a contest to find insecurities!
EBD
Pardon my French, but if your lawyers make it impossible to do technical work correctly, isn't it time to get new lawyers? I can't see how offering a reward for reporting bugs could possibly be objectionable to any rational lawyer.
This can be a VERY useful (and very inexpensive) debugging technique. Didn't Knuth offer a cash reward to the first person to find each typo in his "Fundamental Algorithms" series -- and then doubled the amount each year?
It can also be a very useful teaching tool, in that it encourages users to explore little-used corners of a system.
I applaud any company that has the guts to do it.
Not a lawyer on the Net, although I play one in real life. ********************************************************** Flame away! I get treated worse in person every day!!