On Mon, 09 Oct 1995 17:30:38 -0700, cmcmanis@scndprsn.Eng.Sun.COM (Chuck McManis) wrote:
By the way, I suggest that Sun should offer a large money prize for the first significant security hole found the Java implementation. Its a tiny price to pay for security.
I don't think the lawyers would let us.
Pardon my French, but if your lawyers make it impossible to do technical work correctly, isn't it time to get new lawyers? I can't see how offering a reward for reporting bugs could possibly be objectionable to any rational lawyer. This can be a VERY useful (and very inexpensive) debugging technique. Didn't Knuth offer a cash reward to the first person to find each typo in his "Fundamental Algorithms" series -- and then doubled the amount each year? It can also be a very useful teaching tool, in that it encourages users to explore little-used corners of a system. I applaud any company that has the guts to do it.