- Mythbuster busts his own tale
- 10 open source companies to watch
- Sony recalls 73,000 Vaio laptops
- Tool to evade China's Web censorship
- Chrome and Firefox and add-ons
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
A Mozilla executive has vowed that his company can patch any critical vulnerability in its software within 10 days, a sign that Mozilla may intend to step up its efforts to improve security.
Mozilla executive Mike Shaver backed up his claim by scrawling it on a business card at the Black Hat security conference in Las Vegas last week and handing it to Robert Hansen, CEO of SecTheory.com, who also runs the ha.ckers.org Web site. Hansen posted a photo of Shaver's business card, including the claim "Ten [expletive] days."
"I told him I would post his card -- and he didn’t flinch. No, he wasn’t drunk. He’s serious," Hansen wrote in his blog.
Web browser security has become increasingly important with the rise in use of Web-based applications, from Google's Gmail to social networking sites such as Facebook.com and enterprise software-as-a-service programs such as Salesforce.com. A security vulnerability within a Web browser can put a user's data at risk and make a PC vulnerable to hackers.
Shaver's 10-day pledge applies to "critical" vulnerabilities, although there is no standard for such a rating, and different companies evaluate levels of risk in different ways. Another condition is that the vulnerability is disclosed responsibly, meaning Mozilla is notified of the issue before it is publicized.
The pledge sparked some debate about whether Mozilla will be able to keep to it.
"I've always been a fan of Mozilla and Firefox, however, this is a pretty bold claim for a company of any shape or size," Hansen wrote.
Other commentators said keeping the 10-day promise might not be easy. Patches need to be of high quality and tested properly, which could take more time depending on how severe the vulnerability is, said Graham Cluley, senior technology consultant for Sophos.
"If that's what they're saying, then it is an audacious claim," Cluley said. "Some critical security vulnerabilities can reside deep in the bones of a complicated software product like Firefox and may require extensive testing to ensure that the highest quality fix is being made available to the users."
Others had more confidence in Shaver's claim.
"Rome wasn’t built in one day, but heck, Firefox isn’t Rome," said a commentator on Hansen's blog. "And Mozilla has 10 whole days. I don’t know, put 20 geeks in front of a computer for 10 days and just watch them go."
Rss FeedRss Feed
Gartner summarizes its view on Application Delivery Controllers, evaluates strengths and weaknesses...
Vulnerability Management For DummiesDownload this concise book "Vulnerability Management for Dummies," to learn about the simple steps...
The ROI and TCO Benefits of Data Deduplication for Data Protection in the EnterpriseThis paper examines and quantifies the costs and benefits of backup with deduplication storage as...
Life on the edge of your WAN has changed dramatically. With the need to deliver advanced services,...
PoE Plus: Impact on the PoE MarketThe standard for Power over Ethernet (PoE), IEEE Std. 802.3af(tm)-2003, advanced networking,...
Harnessing the power of communications to increase workplace performanceDue to the convergence of IT and telecommunications technologies, the business workplace has been...
We have so many holes punched in our firewalls today that many industry insiders question the value...
The self-managed networkWe aren't there yet, but advances in network and systems management tools are making it possible to...
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment