[EMAIL PROTECTED] writes:

> http://sec.greymagic.com/adv/gm001-ns/
> 
> GreyMagic Security Advisory GM#001-NS
> By GreyMagic Software, Israel.
> 30 Apr 2002.
> 
> Topic: Reading local files in Netscape 6 and Mozilla.

The folks at GreyMagic have some pretty unpleasant things to say about
Netscape's Bug Bounty Program for security bugs.  Does anybody know
how much truth there is to this?

"GreyMagic Software" <[EMAIL PROTECTED]> writes:

> Important notes:
> ================
> 
> Netscape was contacted on 24 Apr 2002 through a form on their web site and
> through email to [EMAIL PROTECTED] and [EMAIL PROTECTED]
> 
> They did not bother to respond AT ALL, and we think we know why.
> 
> A while ago Netscape started a "Bug Bounty" program, which entitles
> researchers who find a bug that allows an attacker to run unsafe code or
> access files to a $1000 reward.
> 
> By completely disregarding our post, Netscape has earned themselves $1000
> and lost any credibility they might have had. The money is irrelevant, but
> using such a con to attract researchers into disclosing bugs to Netscape is
> extremely unprofessional.
> 
> Netscape's faulty conduct made us rethink our disclosure guidelines and we
> came to the following decisions:
> 
> * Release all future Netscape advisories without notifying Netscape at all.
> 
> * Advise the security community to do the same. Netscape is deceiving
> researchers and should not be rewarded.
> 
> * Advise customers to stop using Netscape Navigator through our security
> advisories and business contacts.
> 
> 
> [1] http://home.netscape.com/security/bugbounty.html


