Subject: Re: Bug Bounties. Making $ from bugzilla.
From: burton@openprivacy.org (Kevin A. Burton)
Date: 25 Nov 2001 12:38:56 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"Brian J. Fox" <bfox@ua.com> writes:

>    From: burton@openprivacy.org (Kevin A. Burton)
>    Date: 25 Nov 2001 01:59:14 -0800
> 
>    OK.
> 
>    Alice logs into the Bug Bounty system (theoretical name only of
>    course) and posts a $20 bounty into the system which holds it in
>    escrow.
> 
>    It turns out that a lot of other people agree so Carol puts in
>    another $20.
> 
>    Bob logs into the Bug Bounty system, sees the bounty, fixes the bug
>    and uploads the patch.
> 
> What's Bob's incentive to provide the patch speedily?

The free market.  This system isn't limited to Alice, Bob and Carol.  

> Why wouldn't all the Bob's of the system wait until the bounty stops going up?

Supply and demand.  As soon as the bounty becomes high enough, people will
start working on it.  This keeps the system efficient. 

> BTW, that behaviour might not be bad -- in fact, it might be the right thing.
> But then it is hard to provide any guarantees on QOS, so larger companies
> (which have more money) might be less interested in the service.
> 
>    A 3rd party logs in to the system to approve the bounty (it is
>    approved), 

Yes.  I agree that QOS is important.  We could implement some sort of
certification program.  Bounty submitters could post feedback.  If the post was
low quality your certification level would be reduced, high quality and it
would be increased.

The percentage of bounty you receive is dependent on your certification level.

IE:

Amateur:  50%
Aprentice: 70%
Master: 100%

or other derivations.

> What makes the 3rd party an expert on the particular piece of software that
> got fixed?

He just fixed the bug didn't he :)

> If they are an expert on that software, mightn't they be the ones that are
> doing the fixing?  That would create a conflict of interest.
<snip>

I am confused by this last sentence.  I wouldn't have a problem with an expert
getting paid to fix bugs.

Kevin

- -- 
Kevin A. Burton ( burton@apache.org, burton@openprivacy.org, burtonator@acm.org )
             Location - San Francisco, CA, Cell - 415.595.9965
        Jabber - burtonator@jabber.org,  Web - http://relativity.yi.org/

Whenever there is a conflict between human rights and property rights, human
rights must prevail.
  -- Abraham Lincoln
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Get my public key at: http://relativity.yi.org/pgpkey.txt

iD8DBQE8AVL+AwM6xb2dfE0RAsGIAKDIx7bKBknqtayH7XWK1g0+p4VZzwCfdjo6
6y1ag+LJooUaAFJh1uFuGfo=
=Q73D
-----END PGP SIGNATURE-----