Mozilla is working to develop metrics to measure the security of Firefox. The company has partnered with security researcher Rich Mogull on the project.
“We are trying to develop a model that goes beyond simple bug counts and more accurately reflects both the effectiveness of secure development efforts, and the relative risk to users over time,” Window Snyder, Mozilla’s security chief, wrote in a blog posting last week.
Specifically, the project aims to measure two things: the effectiveness of secure development tools and techniques, and how long it takes to protect users after new vulnerabilities are discovered. The information gleaned from the effort will support development of future versions of the open-source browser and other Mozilla projects. The company invited feedback on the project.
“Our goal in this first phase of the project is to build a baseline model we can evolve over time as we learn what works, and what does not. We do not think any model can define an absolute level of security, so we decided to take the approach of tracking metrics over time so we can track relative improvements (or declines), and identify any problem spots,” Snyder wrote.