
Making $500 from Open Source Software

This is by no means a joke, nor is it spam.
You can really, truly, make $500 if you are able to find just one security vulnerability in the qmail project.

In all truth — this is the story of Security in Open Source Software.
More precisely, this is the story of qmail’s security guarantee:

In March 1997, I offered $500 to the first person to publish a verifiable security hole in the latest version of qmail: for example, a way for a user to exploit qmail to take over another account.

My offer still stands. Nobody has found any security holes in qmail. 
D. J. Bernstein

How about that for quality control in Open Source Software?

We can learn a lot about effective security guidelines from DJB, who is also the man behind the legendary DNS tool djbdns.

DJB covers 7 principles that led him to create secure, quality software: https://cr.yp.to/qmail/guarantee.html (a must-read for any software engineer!)

Which secure software guidelines are you following?
Which software project do you find secure at this level?