12 comments

[ 4.3 ms ] story [ 51.7 ms ] thread
That page was last modified in 2006. It must have held up well against attacks or he would be broke by now!
"The $2,000 is only available to the first person who provides a working attack"
I would look to find the last time the code was worked on, but there isn't even a code repository listed.
This sort of thing is not new. I think the first one was qmail: http://cr.yp.to/qmail/guarantee.html followed shortly by djbdns: http://cr.yp.to/djbdns/guarantee.html (which was awarded in 2009: http://article.gmane.org/gmane.network.djbdns/13864)

Dovecot also has a similar guarantee: http://dovecot.org/security.html

As does Mozilla: http://www.mozilla.org/security/bug-bounty.html

Even Facebook is in on the game: http://www.facebook.com/whitehat/bounty/

Bug bountying in general of course started with Donald Knuth: http://en.wikipedia.org/wiki/Knuth_reward_check and has recently become moderately popular as a strategy for increasing open-source code quality: http://www.daemonology.net/blog/2011-09-05-lessons-learned-f...

How did this get to the front page when the last update to the source was 6 years ago?
I wanted to give it a try, had to look for the source (found it on sourceforge) tried to ./configure it requires a Vstr from the same website now need to look for the source ...

It's not like they want you to try it :D

That isn't a guarantee it's a bounty. A guarantee would pay out to all affected customers. Affected probably would mean compromised by an attacker.