mozilla security metrics project
Window Snyder blogged about this yesterday, and today Ryan Naraine has an article up, "Can Mozilla's security metrics project end the patch-counting nonsense?", that I think hits the nail right on the head.
Security is serious. It's not the place for vendors to be opaque and the press to be sensationalist. Mozilla, beyond its great track record on client application security and best-in-the-world openness, is working to bring some sanity to the larger browser security landscape with a new program that will hopefully, as Ryan says, "put an end to the silly notion that patch-counting helps to determine a product's security posture."
Go give Window's blog post a read -- and don't forget that you have a chance to participate, here, in a community interview with Window so if you've got questions for her, head over to the interview post and ask them.
reactions, thoughts, comments, etc.
Patch-counting nonsense. Is that like download-counting nonsense?
Posted by: Andrew Gregory | July 3, 2008 6:52 PM
I never had too much of a problem with the bug counting stuff (or more accurately CVE or MFSA numbers).
Personally I think (and blogged) that Cisco and Oracle have already mostly got this right and it would be neat to see Mozilla do the same.
Posted by: Sean Kerner | July 8, 2008 8:22 AM