Subject: Re: Bug Bounties. Making $ from bugzilla.
From: Ian Lance Taylor <ian@airs.com>
Date: 25 Nov 2001 12:56:03 -0800

burton@openprivacy.org (Kevin A. Burton) writes:

> > If they are an expert on that software, mightn't they be the ones that are
> > doing the fixing?  That would create a conflict of interest.
> <snip>
> 
> I am confused by this last sentence.  I wouldn't have a problem with an expert
> getting paid to fix bugs.

If I am an expert in the software, I insert a set of bugs into a
release, and I prepare patches in advance.  Then I wait for people to
offer money to fix them, and I release the patches.

People used to routinely argue that Cygnus had a strong incentive to
do this.  They were wrong, for two reasons: 1) we didn't have to
intentionally insert extra bugs; we inserted plenty by mistake; 2) our
real competitors were not other free software support shops, but other
companies which provided alternative embedded development tools, so if
we shipped a buggy product, people would switch away from free
software and we would get no repeat business.

In the bug bounty system, reason 1 still exists, but reason 2 does
not.

Ian