By the time you read this column, the news that all versions of Netscape's industry-leading browser have a major security hole will be old. The story, which first came to public attention through an exclusive report on CNN last Thursday, quickly became the stuff of on-line and print media articles over the weekend - creating a new security scare and probably causing Netscape to be flooded with inquiries.

Potentially the bug - already named the Danebug - lets Web administrators read files directly off a user's hard drive while the user is downloading information from a Web site. This could be even bigger than other bugs in Microsoft's Internet Explorer over the past year which led many people to choose Netscape in preference to its rival. But the scariest part of the whole situation is how it came to light.

The history of all this is that a Danish software developer, Christian Orellana, found the bug and informed Netscape of its existence without providing details needed to fix the problem. He then proceeded to demand a large sum of money in return for the information. Normally, Netscape offers individuals US$1,000 for reporting show-stopper bugs like this, but apparently that was not enough for this developer.

Mr Orellana then provided the information to CNN, which broke it on the news last week. However, he has continued to demand a larger sum from Netscape for the information because, he claimed to some reporters, he spent weeks working on this information and deserved to be compensated for his time.

This seems reasonable to a certain degree. After all, this bug, if left unresolved, could easily make people drop Netscape as their browser of choice. That could be worth more than the regular $1,000 compensation offered by Netscape. However, the whole argument loses steam when seen in the light of other revelations about Mr Orellana's apparent intention.

In a story posted to PC Week's Web site, an e-mail from Mr Orellana to Netscape is quoted in which the developer makes it clear that he is out for money and that if Netscape doesn't pay up he will find someone who will. 'The information is certainly worth a bit on the free market, and I am currently awaiting responses from other parties,' the e-mail reportedly said.

So, who would these other parties be? They aren't likely to be people out to patch the bug in Netscape - that would be Netscape's job. Either other software developers would want to capitalise on the bug by selling extra software to protect Netscape users, or people intent on data theft would want the secret.

This leaves one thinking that perhaps Mr Orellana didn't pursue the bug and how it works for any altruistic motive to make the Net a safer place but rather out of his own fiscal interest - basically his actions could be motivated by greed.

What this all highlights is a growing danger on the Internet. As software vendors rely on the general public to perform their beta testing this will open the way for dangerous security bugs being discovered by individuals who will take advantage of the bug rather than reporting it. Instead of tightly controlled beta programs which usually weed out the worst offending bugs, buggy and potentially dangerous software is thrown at unsuspecting users who are then tempted with some limited financial reward for documenting and reporting those bugs.

Of course, most people don't have the know-how to detect, diagnose and properly document software bugs and there is little doubt that the majority of Netscape users aren't even aware that if they identify bugs they should be reported to Netscape.

Maybe it is time for Internet software makers to rethink their development and testing practices in light of this incident. We have been witnessing a game of features leap-frog vaguely reminiscent of the arms race of the Cold War. Maybe it is time for a thaw.