BUGS BOUNTY

By Philip Elmer-DeWitt

THE INTERNET HAS BEEN SPRINGING more leaks than a rusty steam pipe lately, and nobody has been feeling the heat more than Netscape Communications. The Mountain View, California, start-up commands more than 70% of the market for software that enables networkers to "browse" the World Wide Web--the fast-growing multimedia portion of the Internet. Having promised it would make the Net safe for business--including home banking and online creditcard shopping--Netscape has become a fat target for anybody with the time or skill to prove that it hasn't achieved that goal. Just last month the company had to rush out a new version of the Netscape browser after two groups of hackers cracked its security code.

Hoping to harness some of that codebreaking talent, Netscape last week began offering cash awards to anybody who can find a security hole in the beta, or test, version of its latest browser software. Under the so-called Bugs Bounty program, the first person to identify a "significant" security flaw wins $1,000. Lesser bugs earn smaller prizes ranging from $40 sweatshirts to $12 coffee mugs. The idea, explains a company spokesperson, is to get hackers to hack when it will do the Netscape some good--before the product is officially released.

But it will take more than sweatshirts and coffee mugs to shore up the security of the Internet. The network was designed to be open and easily accessible, and new Internet software, like Sun Microsystems' Java, adds a whole new layer of insecurity. Java can liven up a Website with movies and animations sent to visitors' computers as little applications, or "applets." Java is supposed to screen these applets to make sure they can't do any damage to the computer that receives them. But to Sun's--and Netscape's--acute embarrassment, the version that appeared in Netscape's latest browser had a loophole big enough to let through all manner of software viruses. Netscape's programmers caught the bug last week before it could do any harm--and before they had to hand out any prizes.