Re: [Full-Disclosure] Netscape Problems.

From: Ben Bucksch (ben.bucksch.news@beonex.com)
Date: 12/01/02

  • Next message: Robert Tracz: "Re: CAIS-ALERT: Vulnerability in the sending requests control of BIND"
    Date: Sun, 01 Dec 2002 01:32:20 +0100
    From: Ben Bucksch <ben.bucksch.news@beonex.com>
    To: bugtraq@securityfocus.com
    
    

    zen-parse wrote:

    > Last Stage of Delirium wrote:
    >
    >> Netscape seems to be another American company that does not seem to
    >> be fulfilling public obligations
    >
    > [...]
    > No reply received yet regarding money.
    > [...]
    > In case people haven't noticed yet, Open Source is not more secure.

    You seem to complain mostly about the lack of payment from Netscape. The
    bug bounty is offered by Netscape for the Netscape browser (which is not
    fully Open Source) under terms set forth by Netscape alone. While your
    anger is fully understandable (I don't know, if it's justified or not),
    it has nothing to do with the publicized security bug policy of
    mozilla.org [1].

    Please report bugs to mozilla.org directly. If you do that, you (as bug
    finder) are in charge of the terms and you can threaten the developers
    with full disclosure on bugtraq. If you plan to do that, please do it
    from the beginning.

    You are of course welcome to report the bugs to the Beonex project [2],
    and we will then handle the reporting and tracking. Beonex has an even
    more open stance than mozilla.org.

    Ben Bucksch
    Beonex

    [1] <http://www.mozilla.org/projects/security/security-bugs-policy.html>
    Quote: "Anyone who believes they have found a Mozilla-related security
    vulnerability can and should report it by sending email to the address
    security@mozilla.org. For more information read the rest of this
    document. [...]
    The original reporter of a security bug may decide when that bug report
    will be made public [...]"
    [2] <http://www.beonex.com>