The Struts Bug Bounty, or How Corporations can Support Open Source

by Kevin Bedell

Related link:

Who says submitting patches for open source projects can't get you a paycheck? If you're working on the Struts Web Application Framework it can.

With the 1.1 release of Struts looming, Vic Cekvenich of BaseBeans Engineering wanted to help out. He knew the Struts developers were doing their best to close the last bugs that were in the way of the release, but he also knew that it would go faster if more people helped out. So his company decided to offer a "Bug Bounty".

The bounty was introduced by this post:

<Vic's Original Message>

List: struts-dev

Subject: Bug reward $

From: "V. Cekvenich"

Date: 2002-10-21 0:03:09

I will send via pay pal $135 to each person that fixes at least one bug and e-mails me that they did + a link to bugzila, up to the first 6 real bugs, which is about 10% of bugs. (maybe a few more companies help focus funds on the release). I know it’s not much, but support can start someplace, I think a lot of companies would like to be the “Covalent” of Struts as would baseBeans … at least if you are just sitting home an have half a day to kill.

There are about 46 bugs for Struts 1.1. I do not need a release of 1.1 but I would like to sponsor some fixes, related to it, so don’t think it to cheesy.

NOTE: you do not need to be a committer for this, you must submit the diff to bugzilla, but I will not have time to test, so I wish you good karma that you do test the fix. (A committer can then… commit should the code be acceptable)
Any simple text DTD or doco fixes don’t count, and also I reserve the right not to pay for any reason (I did sponsor prior some work by at least several others)

I probably won’t list the people that do e-mail me that they did a patch, and do not have time to answer more questions.

BeanUtils: 12728, 13596

DBCP: 12047, 12400, 12733, 12869, 13155

Digester: 12534

Pool: 12841, 13649, 13705

Validator: 13030, 13472, 13539, 8787

</Vic's Original Message>

Given that he limited his exposure to the first 6 bugs reported closed, Vic's risk wasn't really that high - especially given the potential for improvements in the project. Plus, you never know what contributions might be made in the future by people who got involved because of the bounty. After all, Craig McClanahan - the original author of Struts and an early, core developer for the Jakarta Tomcat project - first got involved with open source trying to 'help out' with getting a release of the Apache JServ project out the door.

What will the impact be from Vic's bounty? Who knows... More importantly, what would happen if firms everywhere took the same approach? The sky's the limit.

How does your company contribute to Open Source?