~ 1 min read
Making $500 from Open Source Software
By all means this is not a joke, nor a spam.
You can really, truly, make $500 dollars if you are able to just find one security vulnerability in the qmail project.
In all truth — this is the story of Security in Open Source Software.
More precisely, this is the story of qmail’s security guarantee:
In March 1997, I offered $500 to the first person to publish a verifiable security hole in the latest version of qmail: for example, a way for a user to exploit qmail to take over another account.
My offer still stands. Nobody has found any security holes in qmail.
D. J. Bernstein
How about that for quality control in Open Source Software?
We can learn a lot about effective security guidelines from DJB, who is also the man behind the legendary DNS tool djbdns.
DJB covers 7 principles that lead him to create a secure quality software:https://cr.yp.to/qmail/guarantee.html — A must read for any software engineer!
Which secure software guidelines are you following?
Which software project do you find secure at this level?