
This is one reason why I'm going to be providing bounties for more than just security bugs. Even if people don't expect to find security bugs, they might find a typo in a comment and earn themselves a $1 tarsnap account credit -- and as demonstrated here, simply looking at source code can result in finding bugs even if you weren't originally looking for them.


Clever. Especially since "normal" bugs occasionally have that nasty habit of turning into security-relevant bugs.

It will be interesting to see how close you can manage to get something resembling good review on a budget. Hopefully other people who are in similar low-margin code businesses will keep an eye on your experiment to see how it works out.

Thanks for being so open about how you're trying to make things work. I hope you'll be publishing all the awarded bounties? (I suppose I should just wait for your follow-up entry.)


Yes, I'll find somewhere on the website to put that list.


Finding a bug in tarsnap is something that might be worth considerably more than your bounty to the highest bidder.


Quite likely. But fortunately for me, most people get nervous at the idea of negotiating with organized crime syndicates.


Not that I've seen, but I might have a different view of what constitutes an organized crime syndicate than you do.


Does the government count?


shhhhh! they might be listening. illegally.


They can sue you for making this hypothesis publicly, please think of it (in your interest).



