Risk model for software development

Mozilla wants to disprove the idea that bigger software is necessarily less secure. The open-source maker of the Firefox browser is building a freely available metrics model that software vendors can use to measure the relative security of their products.
Mozilla will itself use the model to gauge the effectiveness of its development process and the ability of Mozilla and its users to respond to Firefox security problems, according to Rich Mogull, an independent security consultant with Securosis who was tapped to lead the project.

Mogull said on Monday that the effort is less about producing a public number than about giving Mozilla a way to better track its own security work. The aim of the metrics is to improve Mozilla's ability to understand how it carries out security development, responds to security problems, and keeps its users as safe as possible.

Window Snyder, Mozilla's chief of security, said she had wanted to do this since she joined the company two years ago. She wanted a more refined way to assess the security of a project over time, which means placing less weight on traditional risk criteria such as vulnerability counts. As an example, she noted that the public is encouraged to find as many bugs as possible in Firefox, which naturally drives the numbers up.

Microsoft, on the other hand, does not publicly disclose all of its defects; at times the software giant bundles fixes into a service pack update and never discloses the vulnerability details.

Snyder said that you would never be able to tell whether you were comparing apples to apples.

Mogull said that basing security on bug counts is flawed because few vulnerabilities are openly discussed, and most are unknown until the moment a patch is released.

It is also true that merely finding lots of bugs does not necessarily measure security, and may not give you any indication of how well your security development process

Mogull said the model, of which a preliminary version (xls) has been released with users encouraged to supply feedback, will be based on statistics that let Mozilla learn things such as when in the development lifecycle a bug was found, which tools were used to find it, and how quickly users updated to the latest patch.
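As an added illustration (not Mozilla's spreadsheet or Mogull's model), the following Python sketch computes the kinds of statistics the paragraph describes from constructed bug records: where in the lifecycle each bug was found, which tool found it, how long it took to fix, and how quickly users picked up the patch. All field names and sample values are assumptions for the example.

```python
from collections import Counter
from datetime import date
from statistics import median

# Constructed sample records (not real Mozilla data): one row per security bug.
# "phase" is where in the lifecycle the bug was found; "tool" is what found it.
BUGS = [
    {"id": "B-1", "phase": "design-review",  "tool": "threat-model",    "found": date(2008, 1, 3),  "fixed": date(2008, 1, 8)},
    {"id": "B-2", "phase": "implementation", "tool": "static-analysis", "found": date(2008, 1, 10), "fixed": date(2008, 1, 12)},
    {"id": "B-3", "phase": "qa",             "tool": "fuzzer",          "found": date(2008, 2, 1),  "fixed": date(2008, 2, 11)},
    {"id": "B-4", "phase": "post-release",   "tool": "external-report", "found": date(2008, 3, 1),  "fixed": date(2008, 3, 15)},
    {"id": "B-5", "phase": "post-release",   "tool": "external-report", "found": date(2008, 3, 5),  "fixed": date(2008, 3, 8)},
]

# Constructed patch-adoption telemetry: (days since patch release, share of users on the patched build).
ADOPTION = [(0, 0.02), (1, 0.25), (3, 0.60), (7, 0.85), (14, 0.95)]

PRE_RELEASE_PHASES = {"design-review", "implementation", "qa"}


def bugs_by_phase(bugs):
    """Count bugs by the lifecycle phase in which they were found."""
    return dict(Counter(b["phase"] for b in bugs))


def bugs_by_tool(bugs):
    """Count bugs by the tool or channel that surfaced them."""
    return dict(Counter(b["tool"] for b in bugs))


def pre_release_share(bugs):
    """Fraction of bugs caught before release: higher means the process, not the public, is finding them."""
    return sum(1 for b in bugs if b["phase"] in PRE_RELEASE_PHASES) / len(bugs)


def median_days_to_fix(bugs):
    """Median elapsed days between a bug being found and its fix landing."""
    return median((b["fixed"] - b["found"]).days for b in bugs)


def adoption_at(days, samples=ADOPTION):
    """Share of users updated by `days` after release, using the last sample at or before that day."""
    share = 0.0
    for day, frac in sorted(samples):
        if day <= days:
            share = frac
    return share


def summary(bugs=BUGS, samples=ADOPTION):
    """Roll the per-metric helpers into one report dict."""
    return {
        "by_phase": bugs_by_phase(bugs),
        "by_tool": bugs_by_tool(bugs),
        "pre_release_share": pre_release_share(bugs),
        "median_days_to_fix": median_days_to_fix(bugs),
        "adoption_7d": adoption_at(7, samples),
    }
```

The point of `pre_release_share` and `adoption_7d` is that they track process effectiveness rather than raw bug counts, which is the distinction the article draws.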