Re: [Full-Disclosure] Netscape Problems.

From: Ben Bucksch (
Date: 12/01/02

  • Next message: Robert Tracz: "Re: CAIS-ALERT: Vulnerability in the sending requests control of BIND"
    Date: Sun, 01 Dec 2002 01:32:20 +0100
    From: Ben Bucksch <>

    zen-parse wrote:

    > Last Stage of Delirium wrote:
    >> Netscape seems to be another American company that does not seem to
    >> be fulfilling public obligations
    > [...]
    > No reply received yet regarding money.
    > [...]
    > In case people haven't noticed yet, Open Source is not more secure.

    You seem to complain mostly about the lack of payment from Netscape. The
    bug bounty is offered by Netscape for the Netscape browser (which is not
    fully Open Source) under terms set forth by Netscape alone. While your
    anger is fully understandable (I don't know, if it's justified or not),
    it has nothing to do with the publicized security bug policy of [1].

    Please report bugs to directly. If you do that, you (as bug
    finder) are in charge of the terms and you can threaten the developers
    with full disclosure on bugtraq. If you plan to do that, please do it
    from the beginning.

    You are of course welcome to report the bugs to the Beonex project [2],
    and we will then handle the reporting and tracking. Beonex has an even
    more open stance than

    Ben Bucksch

    [1] <>
    Quote: "Anyone who believes they have found a Mozilla-related security
    vulnerability can and should report it by sending email to the address For more information read the rest of this
    document. [...]
    The original reporter of a security bug may decide when that bug report
    will be made public [...]"
    [2] <>