Subject: Re: Bug Bounties. Making $ from bugzilla.
From: "Brian J. Fox" <bfox@ua.com>
Date: Sun, 25 Nov 2001 09:03:10 -0800


   From: burton@openprivacy.org (Kevin A. Burton)
   Date: 25 Nov 2001 01:59:14 -0800

   OK.

   Alice logs into the Bug Bounty system (theoretical name only of
   course) and posts a $20 bounty into the system which holds it in
   escrow.

   It turns out that a lot of other people agree so Carol puts in
   another $20.

   Bob logs into the Bug Bounty system, sees the bounty, fixes the bug
   and uploads the patch.

What's Bob's incentive to provide the patch speedily?  Why wouldn't
all the Bobs of the system wait until the bounty stops going up?

BTW, that behaviour might not be bad -- in fact, it might be the right
thing.  But then it is hard to provide any guarantees on QOS, so
larger companies (which have more money) might be less interested in
the service.

   A 3rd party logs in to the system to approve the bounty (it is
   approved), 

What makes the 3rd party an expert on the particular piece of
software that got fixed?  If they are an expert on that software,
mightn't they be the ones that are doing the fixing?  That would
create a conflict of interest.

Brian
== The Difference Between Cultures: ==
    Einigkeit und Recht und Freiheit
    Liberte', E'galite', Fraternite'
    Sex, drugs and rock'n'roll