Subject: Re: Bug Bounties. Making $ from bugzilla.
From: Ben Laurie <>
Date: Sun, 25 Nov 2001 13:49:45 +0000

"Kevin A. Burton" wrote:
> Hash: SHA1
> OK.
> Just thinking off the top of my head.  Has anyone talked about this before?  I
> am sure I am not the first...
> Alice needs a bug fixed in her favorite OSS project.  Alice and Bob don't know
> each other but Bob knows a LOT about that project and could fix the bug in a few
> minutes but he has other things that are more important....
> Alice logs into the Bug Bounty system (theoretical name only of course) and
> posts a $20 bounty into the system which holds it in escrow.
> It turns out that a lot of other people agree so Carol puts in another $20.
> Bob logs into the Bug Bounty system, sees the bounty, fixes the bug and uploads
> the patch.
> A 3rd party logs in to the system to approve the bounty (it is approved), Alice
> and Carol get the patch integrated into the next version upgrade (in a few
> weeks) and Bob gets the $40.00.
> ... of course the devil is in the details. :)
> The 3rd party would have to be paid.  Maybe an agreed percentage.  If Bob has a
> good reputation maybe he wouldn't need the 3rd party.
> Thoughts?  Criticism?
> I agree this is similar to SourceExchange, et al but there is one difference,
> this is directly related around users and developers, not companies.

SourceXchange shut down, of course, which is not exactly a difference,
but kinda relevant I feel.




"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff