java security concerns
Brian Davis
bdavis at dg.thepoint.net
Thu Oct 12 12:37:02 PDT 1995
On Tue, 10 Oct 1995, John Lull wrote:
> On Mon, 09 Oct 1995 17:30:38 -0700, cmcmanis at scndprsn.Eng.Sun.COM
> (Chuck McManis) wrote:
>
> > >By the way, I suggest that Sun should offer a large money prize for
> > >the first significant security hole found the Java implementation. Its
> > >a tiny price to pay for security.
> >
> > I don't think the lawyers would let us.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
I think this means they didn't ask.
If they did, perhaps the problem is their ability to say with a straight
face that their product is "secure" while at the same time running a
contest to find insecurities!
EBD
>
> Pardon my French, but if your lawyers make it impossible to do
> technical work correctly, isn't it time to get new lawyers? I can't
> see how offering a reward for reporting bugs could possibly be
> objectionable to any rational lawyer.
>
> This can be a VERY useful (and very inexpensive) debugging technique.
> Didn't Knuth offer a cash reward to the first person to find each typo
> in his "Fundamental Algorithms" series -- and then doubled the amount
> each year?
>
> It can also be a very useful teaching tool, in that it encourages
> users to explore little-used corners of a system.
>
> I applaud any company that has the guts to do it.
>
>
Not a lawyer on the Net, although I play one in real life.
**********************************************************
Flame away! I get treated worse in person every day!!
More information about the cypherpunks-legacy
mailing list