By Steve Ragan
The Tech Herald
July 8, 2008
Mozilla has started a program that will create a sort of measurement
guide showing how well the Firefox developers deal with security issues.
Details of the project were announced last week, which explain that the
project's mission is to track not only how security is handled, but how
long it takes to protect Firefox's growing user base when
vulnerabilities are discovered.
Mozilla has been working with Rich Mogull for awhile now, creating a
project that will develop a metrics model for security measurement.
"I've been working in the security world for 17 or so years, and
breaking my computers even longer. After about 10 years in physical
security (mostly running large events/concerts) I made the mistake of
getting drunk in Silicon Valley and telling someone I 'worked in
security'. Next morning I woke up with a job as an IT security
consultant. That's not totally true, but it's far more amusing than my
full biography," Mogull jokes. The truth is, he is the founder of
Securosis, and spent over seven years as a security analyst with
The Metrics project that Mozilla has launched is likely similar to other
things that have been used internally at other companies. However, the
importance of this initiative from Mozilla is that it is completely open
and public. They want the security community, and community as a whole,
to weigh in and offer feedback.
Attend Black Hat USA, August 2-7 in Las Vegas,
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.
Visit product displays by 30 top sponsors in
a relaxed setting. http://www.blackhat.com