[liberationtech] DecryptoCat
Nadim Kobeissi
nadim at nadim.cc
Thu Jul 11 11:53:23 PDT 2013
On 2013-07-11, at 2:08 PM, Maxim Kammerer <mk at dee.su> wrote:
> On Thu, Jul 11, 2013 at 9:04 PM, Jonathan Wilkes <jancsika at yahoo.com> wrote:
>> I think the upshot of that is to steer whatever funds Cryptocat has
>> toward the form of peer review that did work, which is the bug
>> hunt (as well as look into other forms of peer review that would
>> be more effective).
>
> The problem with bug hunting is that, in virtually all cases, the
> reward for an exploitable bug is orders of magnitude lower than what
> can be fetched on the open market. So it is not a replacement for a
> thorough review by experts.
There was a recent article on this:
http://threatpost.com/researchers-find-bug-bounty-programs-pay-economic-rewards/101243
NK
>
> --
> Maxim Kammerer
> Liberté Linux: http://dee.su/liberte
> --
> Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
More information about the liberationtech
mailing list