This sort of thing is not new. I think the first one was qmail: <a href="http://cr.yp.to/qmail/guarantee.html" rel="nofollow">http://cr.yp.to/qmail/guarantee.html</a> followed shortly by djbdns: <a href="http://cr.yp.to/djbdns/guarantee.html" rel="nofollow">http://cr.yp.to/djbdns/guarantee.html</a> (which was awarded in 2009: <a href="http://article.gmane.org/gmane.network.djbdns/13864" rel="nofollow">http://article.gmane.org/gmane.network.djbdns/13864</a>)<p>Dovecot also has a similar guarantee: <a href="http://dovecot.org/security.html" rel="nofollow">http://dovecot.org/security.html</a><p>As does Mozilla:
<a href="http://www.mozilla.org/security/bug-bounty.html" rel="nofollow">http://www.mozilla.org/security/bug-bounty.html</a><p>Even Facebook is in on the game: <a href="http://www.facebook.com/whitehat/bounty/" rel="nofollow">http://www.facebook.com/whitehat/bounty/</a><p>Bug bountying in general of course started with Donald Knuth: <a href="http://en.wikipedia.org/wiki/Knuth_reward_check" rel="nofollow">http://en.wikipedia.org/wiki/Knuth_reward_check</a> and has recently become moderately popular as a strategy for increasing open-source code quality: <a href="http://www.daemonology.net/blog/2011-09-05-lessons-learned-from-bountying-bugs.html" rel="nofollow">http://www.daemonology.net/blog/2011-09-05-lessons-learned-f...</a>
Here is the latest source for anyone with too much time on their hands: <a href="http://www.and.org/and-httpd/0.99.11/" rel="nofollow">http://www.and.org/and-httpd/0.99.11/</a><p>Last update from changelog is 2006-09-10
I wanted to give it a try, had to look for the source (found it on sourceforge) tried to ./configure it requires a Vstr from the same website now need to look for the source ...<p>It's not like they want you to try it :D