David A Wagner wrote:
I do think their ``bug bounty'' system is an improvement -- at least they're showing some concern for security, and beginning to admit that outside review of security-critical code is...well...critical.
The whole bug bounty thing is an experiment. We have no idea how valuable it will be, but we thought it would be worth trying. As we gain more experience with it, we will probably evolve it.
Still, I do agree that they really oughta be employing true experts to carefully evaluate their system, if they wanna claim anything about its security.
We are doing that to. We are paying outside consultants to review everything related to security. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.