Re: [Full-Disclosure] Netscape Problems.

[Ben Bucksch <ben.bucksch.news () beonex com>]

zen-parse wrote:

> Last Stage of Delirium wrote:
>
> > Netscape seems to be another American company that does not seem to 
> > be fulfilling public obligations
>
> [...]
> No reply received yet regarding money.
> [...]
> In case people haven't noticed yet, Open Source is not more secure. 

You seem to complain mostly about the lack of payment from Netscape. The 
bug bounty is offered by Netscape for the Netscape browser (which is not 
fully Open Source) under terms set forth by Netscape alone. While your 
anger is fully understandable (I don't know, if it's justified or not), 
it has nothing to do with the publicized security bug policy of 
mozilla.org [1].

Please report bugs to mozilla.org directly. If you do that, you (as bug 
finder) are in charge of the terms and you can threaten the developers 
with full disclosure on bugtraq. If you plan to do that, please do it 
from the beginning.

You are of course welcome to report the bugs to the Beonex project [2], 
and we will then handle the reporting and tracking. Beonex has an even 
more open stance than mozilla.org.

Ben Bucksch
Beonex

[1] <http://www.mozilla.org/projects/security/security-bugs-policy.html>
Quote: "Anyone who believes they have found a Mozilla-related security 
vulnerability can and should report it by sending email to the address 
security () mozilla org. For more information read the rest of this 
document. [...]
The original reporter of a security bug may decide when that bug report 
will be made public [...]"
[2] <http://www.beonex.com>