MOUNTAIN VIEW, Calif. (December 8, 1995) -- Netscape Communications Corporation (NASDAQ: NSCP) today announced the first winners in its "Netscape Bugs Bounty," a program that rewards users who help Netscape find and report "bugs" in the beta versions of its software. The company announced two top prize winners who uncovered security vulnerabilities and fifty additional winners who reported other types of bugs in the beta versions of Netscape Navigator 2.0.
The program began in October with the release of beta versions of Netscape Navigator 2.0 -- available for Windows, Macintosh and X Window System operating environments. According to the contest rules which are available on Netscape's Web site, users who are the first to report a particular bug are rewarded with various prizes depending on the bug class: users reporting significant security vulnerabilities as judged by Netscape collect a $1,000 cash prize; users finding any security vulnerabilities win Netscape merchandise; and users finding other serious bugs are eligible to win items from the Netscape General Store.
"By inviting close review by our beta testers, the Netscape Bugs Bounty Program has already proved to be a great source of valuable feedback on our software," said Mike Homer, vice president of marketing at Netscape. "The program has increased the number of reported bugs for Netscape Navigator 2.0 beta versions by a factor of nine over our previous releases, enabling us to continue to refine our software and create products of the highest quality. By rewarding users for quickly identifying and reporting bugs back to us, this program is encouraging what is perhaps the most extensive, open review of beta software in the industry."
Netscape Bugs Bounty's first top prize winner is Scott Weston from Australia, who reported a security vulnerability that allowed the JavaScript open object scripting language to extract the history of a user's "surf" session. This vulnerability has already been addressed in the beta 3 version of Netscape Navigator 2.0, currently available on the Internet for downloading for free evaluation.
The second top prize winner is Paul Kocher, who discovered a timing-based attack against some implementations of public key cryptosystems. Accurate timing of encryption and decryption operations can yield information about the keys being used. This general cryptographic attack has not been demonstrated to work against any Netscape products, but Netscape is working with Kocher to investigate the practical applicability of this attack and to validate software changes which defeat it.
"As a consultant, I have been working with Netscape over the past few months to ensure that its products are as strong as possible," said Kocher, a cryptography expert. "Making its software resist this new attack is just one example of how I am helping Netscape to continue to improve its security systems."
Fifty other beta testers reporting significant bugs in Netscape Navigator 2.0 will receive Netscape merchandise from the Netscape General Store. The fifty winners were picked in a random drawing from among the people who reported unique bugs. Another round of winners will be drawn following the final release of Netscape Navigator 2.0.
In addition to the Bugs Bounty program, Netscape has taken a number of other steps to continue to refine and ensure the soundness of the security systems in its products. The company has posted security source code on the Netscape home page and various Internet newsgroups so that it can be reviewed by anyone wishing to do so. Netscape is also making its security code available for review by external security experts and various Netscape platform partners with expertise in specific operating system environments.
The final release of Netscape Navigator 2.0 is scheduled for availability in January. Users can purchase supported, licensed copies of Netscape Navigator directly from Netscape or from a Netscape authorized reseller. Pricing from Netscape starts at $49, which includes a 90-day warranty and customer support. Volume discounts are available for multiple user licenses. The software is free to students and staff of educational institutions and charitable non-profit organizations.
Netscape Communications Corporation is a premier provider of open software
for linking people and information over enterprise networks and the
Internet. The company offers a full line of Netscape Navigator clients,
Netscape servers, development tools and Netscape Internet Applications to
create a complete platform for next-generation, live online applications.
Traded on Nasdaq under the symbol "NSCP", Netscape Communications
Corporation is based in Mountain View, California.
Netscape Communications, the Netscape Communications logo, Netscape,
Netscape Commerce Server, Netscape Communications Server, Netscape Proxy
Server and Netscape News Server are trademarks of Netscape Communications
Corporation. NCSA Mosaic is a trademark of the University of Illinois.
All other product names are trademarks of their respective companies.