> Last Stage of Delirium wrote:
>
>> Netscape seems to be another American company that does not seem to
>> be fulfilling public obligations
>
> [...]
> No reply received yet regarding money.
> [...]
> In case people haven't noticed yet, Open Source is not more secure.

You seem to complain mostly about the lack of payment from Netscape. The
bug bounty is offered by Netscape for the Netscape browser (which is not
fully Open Source) under terms set forth by Netscape alone. While your
anger is fully understandable (I don't know if it's justified or not),
it has nothing to do with the publicized security bug policy of
mozilla.org [1].

Please report bugs to mozilla.org directly. If you do that, you (as bug
finder) are in charge of the terms and you can threaten the developers
with full disclosure on bugtraq. If you plan to do that, please do it
from the beginning.

You are of course welcome to report the bugs to the Beonex project [2],
and we will then handle the reporting and tracking. Beonex has an even
more open stance than mozilla.org.

Ben Bucksch
Beonex

[1] <http://www.mozilla.org/projects/security/security-bugs-policy.html>
Quote: "Anyone who believes they have found a Mozilla-related security
vulnerability can and should report it by sending email to the address
security (at) mozilla (dot) org. For more information read the rest of
this document. [...]
The original reporter of a security bug may decide when that bug report
will be made public [...]"

[2] <http://www.beonex.com>