Linked by Anthony Haywood on Wed 5th Jan 2011 15:44 UTC
Privacy, Security, Encryption

In the last year there have been a number of organisations offering rewards, or 'bounty' programs, for discovering and reporting bugs in applications. Mozilla currently offers up to $3,000 for crucial or high bug identification, Google pays out $1,337 for flaws in its software and Deutsche Post is currently sifting through applications from 'ethical' hackers to approve teams who will go head to head and compete for its Security Cup in October. The winning team can hold aloft the trophy if they find vulnerabilities in its new online secure messaging service - that's comforting to current users. So, are these incentives the best way to make sure your applications are secure?
Thread beginning with comment 456008
jimmy1971 Member since:
2009-08-27

I have no problem with the bio at the end of the piece. In this age of online anonymity, it is all-too-easy for people to hide behind nicknames, such as "jimmy1971". (And when people wear masks, it's that much easier to engage in pointless flame wars, which really is the online equivalent of mob activity.) Kudos to those who put transparency first. It takes courage to put something out there under your own name and open yourself up to whatever criticisms are pending.

My main concern is with the author's reference to his employer. These days companies tend to have strict policies on their underlings referencing their company in newsgroup postings. Therefore, this article leads me to believe that Idappcom has vetted this article, and potentially has encouraged and/or paid the author to write and publish it. Furthermore, that would make this article an "advertorial".

If the author was simply writing his own opinion, there would be no need to start a sentence with "At my company, Idappcom, we'd argue that ...". I don't care what his employer thinks, and I don't expect him to care what mine thinks. The article should be about what *he* thinks.

While on the surface this article isn't selling Idappcom products and services, it nevertheless reminds me of that "chip shop" Kroc spoke of quite a while back on a podcast, where Coca-Cola had branded the menus and signage.

I hope this isn't the future of OSNews.

Although OSNews seems to think nobody's interested in the alternative OS scene, I for one would much rather read that than corporate-approved, anti-FOSS tripe.

Score: 4

David Member since:
1997-10-01

I also thought the bio was excessive, and I actually edited it down a little bit. The reason I allowed it to be as long as it ended up was because you can make the case that if you're going to opine on IT security, it's okay to state your authority to speak on the matter.

And yes, I'm certain that this author's employer was willing to let him write this story on company time in order to get their name out there. You're right that it might have come off a bit too "advertorial" and I'll take that as constructive criticism. I'll make a point to edit further articles that come off this way a little more heavily to tone down the pimping.

Score: 3

jimmy1971 Member since:
2009-08-27

Thank you for taking my comments in the constructive spirit in which they were intended. As a regular reader I certainly appreciate the good job you folks do. The fact that I spoke up via the comments is merely a sign that this site is something I care about.

Score: 2