Subject: Re: Bug Bounties. Making $ from bugzilla.
From: Brendan Macmillan <bren@mail.csse.monash.edu.au>
Date: Tue, 27 Nov 2001 16:53:10 +1100 (EST)

> On 25 Nov 2001, Kevin A. Burton wrote:
> > Yes.  I talked to Brian (Behlendorf) about this.  He was very down on the
> > idea.  This was basically what I expected from someone who just had his
> > dream crushed.
> 
> Well, SourceXchange wasn't so much a "dream crushed" as an experiment that
> didn't quite turn out, but seems in retrospect like it was worth trying.
It's very interesting to read about these problems - thanks.  I've been
thinking of a much more informal way for small OSS projects to directly reward
contributors, rather than through an intermediary.

Has anyone already got something like this working?  I'd be very keen to hear
about it!


> The main difficulties were:
> 
> a) Being a "trusted third party", especially one that tries to keep the
> participants honest by sending the bill and cutting the checks, is a lot
> more work than it was worth; even with a 20% fee.
Would it make sense for a given OSS project to do this for themselves, instead
of having a trusted third party?  If there was direct, informal, personal
trust, it would be much cheaper to run.

> b) We did have a system with lots of checks and balances to try and
> address concerns about the process - having a peer reviewer on every
> project, for example.  That added lots of overhead and delay to the
> process.
Personal trust would reduce this too.  There is already much trust within an
open source community - if the financial reward to contributors was presented
as a gift of thanks, maybe it would be less likely to undermine that trust?
Yes, this wouldn't work as well as a motivation to contribute; but doesn't
having the money as motivation cause many of the problems discussed so far?

Money has other uses than as motivation: to enable contributors to rationalize
and justify their own gifts; to avoid turning off contributors who don't like
the idea of others making money from their gifts, and give all concerned a nice
feeling of fairness.  ;-)

That is, money as facilitation rather than as motivation.

> c) Coming up with a proposal, with milestones and schedule, is very
> difficult unless that's your core business and area of expertise.  Cygnus
> was such an expert with GNU compiler tools they could get this down to a
> science, but most developers just aren't there.  Instead, the usual is to
> work on a contract basis for a certain $$/hr with a rough guess to the
> amount of work to be done, and occasional review.  SXC, by contrast, was
> pretty much all about fixed-fee contracts; that was a risk the developers
> would have to take, and worked against them.
If it was by personal trust, then it could be worked out between the parties,
on a case-by-case basis.  This could be time-consuming, so some guidelines
would be needed - and some give and take.  An aspect of "per hour" and an
aspect of performance, rather like employing someone on a casual basis; but
they are already motivated.

I note that Cygnus hired the really good submitters full-time - I guess I'm
suggesting hiring them on a casual basis.

> d) Selling the concept was hard - we tried to describe it as Ebay for open
> source software development, but then get dinged for such a high fee.
> Selling a process is hard to do to those who have never been bitten by the
> lack of one.  Those who were willing to shell out a bunch of money for
> software development would rather have worked with a domain-specific
> outfit, like Cygnus, or wanted to think we were since we played such a
> strong trusted third-party role.

> There's no one to blame for this - all the developers and sponsors were
> great participants and willing to give it an honest try, and under ideal
> conditions the process worked.  We did distribute a couple hundred
> thousand dollars to open source developers to write true open source
> software.  All of the above issues could probably have been addressed with
> sufficient time, funding, and market opportunity.  We looked at this after
> being up for a year and saw several other sites doing similar things,
> without the restriction of being only about open source software
> development (interest in proprietary development made up the majority of
> inquiries to us), in many cases better funded, usually with less process,
> and there just wasn't the amount of interest we thought would be needed to
> make it worthwhile.  To get $10M in revenue a year (what would be needed
> to break-even a company of 50 or so, within a factor of 2) we'd have to
> broker $50M in jobs, and even getting $20K jobs was a couple weeks' work
> for a couple people.  Especially since we were constantly trying to
> explain to people why it was worth spending their money to create software
> their competitors could also use for free (sigh).  We probably could have
> downshifted to being only a matching service, but even asking for a 1% fee
> at that point would be awkward and wouldn't have supported more than one
> or two people.  Our other interests were picking up at that time, so we
> dropped it instead of exploring that option.
> 
> If someone wants to give this a try again, start by being just a matching
> service, something that *can* be done by one or two people and doesn't
> have high overhead or complexity.  Let the developer and sponsor work
> out terms between each other, perhaps provide them some templates but
> don't mandate anything except your listing fee.  Then go from there.
I think it would be very valuable to provide templates and
advice/mentoring/consultation to facilitate the "hiring".  This role is
traditionally played by business advisors like accountants and lawyers.  But
it's hard to find any of them with experience with OSS - at least here in
Australia.

Wouldn't the listing - by its nature - attract people motivated by the
money, rather than the project itself?


Cheers,
Brendan
-- 
e:  bren@mail.csse.monash.edu.au                    v:  +61 (3)  9905 1502
Email is checked daily                              Phone is rarely attended