The idea that Netscape (like Microsoft) thinks they can get free testing services from all over the net by real experts just by offerring a tee shirt is down right offensive. I have a better idea. How about an open market in break-in software. We crack Netscape and offer the crack code to the highest bidder. Bids start at US$25K per hole. For the insult, Netscape has to outbid the competition by a factor of 2 to get the details of the hole. Here's how it works: - We get a panel of 5 cypherpunk judges who test each claimed hole. - Exploit code is sent to the panel for verification. - If they verify the hole, it is put up for bid. - Winning bidder gets the code for 3 months before it is released on hacker BBS systems throughout the world. - The panel of judges splits 25% of the money paid for the code as pay for their efforts. The rest goes to the author. I have an even better idea. How about if Netscape gets some competent programmers with real security expertise, adds in some good change controls, a serious internal testing program, quality control ala ISO-9000, internal IT auditors, external IT auditors, training and education for their employees, and everything else it takes to be in the software business in a serious way. As an alternative, we could help them contact the shareholders for a lawsuit. After all, they are a public company now and are responsible to the shareholders for the value of their stock. If it goes down because they aren't doing an adequate job of software quality control, the officers may be personally liable. -- -> See: Info-Sec Heaven at URL http://all.net Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236