[15636] in cryptography@c2.net mail archive
Re: Is finding security holes a good idea?
daemon@ATHENA.MIT.EDU (David Honig)
Thu Jun 17 14:24:01 2004
X-Original-To: cryptography@metzdowd.com
Date: Thu, 17 Jun 2004 08:15:59 -0700
To: EKR <ekr@rtfm.com>, tls@rek.tjls.com
From: David Honig <dahonig@cox.net>
Cc: cryptography@metzdowd.com
In-Reply-To: <kj8yenb425.fsf@romeo.rtfm.com>
At 02:12 PM 6/16/04 -0700, Eric Rescorla wrote:
>Thor Lancelot Simon <tls@rek.tjls.com> writes:
Have neither of you considered why people write
open-sourced code? Reputation, to learn, utility, etc.
With the exception of perhaps security-focussed
code, no one gains much reputation by *finding*
bugs whereas contributing a package of functionality
(buggy or not) wins community points.
In short, aside from common cognitive foibles
which you're discussing,
the open-source reward system doesn't make heroes of bug
finders. E.g., I might know the name of the author
of, e.g., sendmail, but do you know the names
of anyone who found a security bug in that code?
(Not including people you knew before).