Security Bytes

Jul 8 2008   12:33PM GMT

Mozilla aims for Firefox security metrics

Marcia Savage Marcia Savage Profile: Marcia Savage

Mozilla is working to develop metrics to measure the security of Firefox. The company has partnered with security researcher Rich Mogull on the project.

“We are trying to develop a model that goes beyond simple bug counts and more accurately reflects both the effectiveness of secure development efforts, and the relative risk to users over time,” Window Snyder, Mozilla’s security chief, wrote in a blog posting last week.

Specifically, the project aims to measure the effectiveness of secure development tools and techniques and how long it takes to protect users after new vulnerabilities are discovered. The information gleaned from the effort will support development of future versions of the open source browser and other Mozilla projects. The company invited feedback on the project.

“Our goal in this first phase of the project is to build a baseline model we can evolve over time as we learn what works, and what does not. We do not think any model can define an absolute level of security, so we decided to take the approach of tracking metrics over time so we can track relative improvements (or declines), and identify any problem spots,” Snyder wrote.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: