Mozilla: We'll patch critical flaws in 10 days

Posted on Monday, Aug 06 2007 @ 18:39 CEST by Thomas De Maesschalck
Mozilla executive Mike Shaver promised Mozilla will patch any critical vulnerability in its software within 10 days.
Mozilla executive Mike Shaver backed up his claim by scrawling it on a business card at the Black Hat security conference in Las Vegas last week and handing it to Robert Hansen, CEO of SecTheory.com, who also runs the ha.ckers.org Web site. Hansen posted a photo of Shaver's business card, including the claim "Ten fucking days."

"I told him I would post his card -- and he didn’t flinch. No, he wasn’t drunk. He’s serious," Hansen wrote in his blog.

Web browser security has become increasingly important with the rise in use of Web-based applications, from Google's Gmail to social networking sites such as Facebook.com and enterprise software-as-a-service programs such as Salesforce.com. A security vulnerability within a Web browser can put a user's data at risk and make a PC vulnerable to hackers.

Shaver's 10-day pledge applies to "critical" vulnerabilities, although there is no standard for such a rating, and different companies evaluate levels of risk in different ways. Another condition is that the vulnerability is disclosed responsibly, meaning Mozilla is notified of the issue before it is publicized.

The pledge sparked some debate about whether Mozilla will be able to keep to it.

"I've always been a fan of Mozilla and Firefox, however, this is a pretty bold claim for a company of any shape or size," Hansen wrote.


About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



Loading Comments