MOUNTAIN VIEW, California: Netscape says it will have a fix by early next week of a flaw in their Netscape 2.0, 3.0 and 4.0 browsers that allows web site operators to read the contents of your hard drive. So far, this is business as usual -- Microsoft experienced a security problem with its Internet Explorer browser three months ago. The rub came earlier this week, when Cabocomm, the Danish company that discovered the bug, told Netscape it wanted to be paid what a spokesman called "a large, unspecified amount of money" to give the company the solution.
The news calls into question the whole relationship between software manufacturers and the users who try out their beta products. Traditionally, companies have made their almost-ready-for-prime-time software available at no charge on the Web. In return, users agreed not to sue if it trashed their hard drives or turned out to have other significant bugs. Netscape even offers $1,000 to anyone who discovers a 'serious' flaw in it's products. So far, according to Rosanne Siino, Netscapeĺs vice president of corporate communications, "I've never heard of another case where someone withheld information. In general, people have been terrific about sharing information." Siino says the company refused to pay Cabocomm, since that would set a bad precedent. Netscape compares the situation to one where "somebody makes a bomb threat and then wants you to pay him to tell you where the bomb is." Others are not so sure; some Web discussion groups have likened the deal to merely negotiating over a price, since Netscape offers a reward already. The looming PR problem for Netscape and others is that while security flaws aren't likely to concern the technologically savvy users who have traditionally used beta software, the newer users coming on to the web may not make the distinction between beta and final release.