Re: Netscape rewards are an insult
I have a better idea. How about an open market in break-in software. We crack Netscape and offer the crack code to the highest bidder. Bids start at US$25K per hole. For the insult, Netscape has to outbid the competition by a factor of 2 to get the details of the hole.
You're talking gaping security holes. They're merely talking bugs.

I don't know if it's already been covered elsewhere, but I saw Jim Clark at a press conference in Paris a couple of weeks ago, and he more or less laid out what he intended to do about security:

"First of all, I am chairing an audit committee for security. All new security-related and encryption-related mechanisms that we build into our products has to go through this audit committee before being released. The audit committee hires outside auditors, security auditors, particularly RSA and experts out of academia, Ron Rivest from MIT and people like this to do the audit of our security systems. Another thing we're doing is publishing the source code which does the security so people can just see what the algorithms are. Had we done that in the first place, if we had published our source code, people wouldn't say 'ha ha! It's easy to guess that you're using this gate as the starting point of the random number'. So we think that by publishing the algorithms, having a security audit by an outsider auditor... it's sort of like the accounting profession, they have an audit committee on the board of directors, the audit is actually done by an outside financial institution and to some degree it's exactly what's happening in security. We think that we were the first company to introduce this technology to the internet and so we were the first company to come under attack. We were careless, and we're not going to be careless in the future."

I haven't seen Netscape deliver on this promise of publishing their encryption code, so I'll keep the promise on tape for a little while (-:

Best,
Cedric.

---------------------------------------------------------
Cedric Ingrand - cedric@planetepc.fr - +33.1.43.98.88.56.