Mozilla launches new security project

Open source software developer Mozilla said this week it is launching a new initiative designed to develop better security measures for Firefox by recording a whole series of metrics over time.

The new project will track the relative risk to Firefox users over a span of time as well as Mozilla developer's ability to increase the software's security, rather than just recording the number of patches it releases a year.

The new method will enable Mozilla to provide a model for the security of Firefox that determines factors such as the length of time users are exposed to bugs.

In its security blog, Mozilla writes: "We do not think any model can define an absolute level of security, so we decided to take the approach of tracking metrics over time so we can track relative improvements (or declines), and identify any problem spots. This information will support the development of Mozilla projects including future versions of Firefox."

With the help of independent security consultant Rich Mogull, Mozilla's developers collaborated on the project for a few months. A preliminary overview of their goals can be downloaded in spreadsheet form here.

Mozilla is inviting users to provide their own feedback in developing the method. The company also hopes to eventually create a foundation for other software developers to apply to their own products while offering a more in-depth approach to the software security issue.

Meanwhile, the recently released Firefox 3 still contains a backdoor vulnerability that puts users at risk to hackers. The company has been working to resolve the security flaw, while releasing patches for 13 bugs in Firefox 2, five of which are listed as "critical".

print this article

Return to hosting news headlines
View Hosting News Archive

Share with: