Please help improve Yenta's security, so that all of its users may benefit. We are offering incentives for finding major flaws.

To be most helpful to us, and hence to do the most to improve Yenta's security, please read all of the topics below. They cover:

Commenting on the source code

Your easiest starting point is probably to critique Yenta's source code directly. Yenta's current source code is available via Yvette, which allows collaborative critique of a body of code: each person may make comments on a single function, a whole file, or an entire subtree of the source, and others may view these comments. This allows dividing up the work.

Since it is expected that most possible flaws will concern some well-defined area of the source code, you should remark on it at the appropriate point in the source tree that Yvette gives you. If you think you have found something particularly serious, you may want to send mail to telling us what you found. Please see also our description of what counts as a flaw.

What incentives we have for you

There are several incentives available to encourage people to improve Yenta's security:

What counts as a flaw?

This is a description of our threat model. In other words, what sorts of flaws are we looking for?

Security bugs versus other bugs

What sort of attacks are we talking about?

Last modified: Wed Mar 24 21:42:09 EST 1999