[Linux-aus] Open Source Security and the Mozilla Metrics Program
James Turnbull
james at lovedthanlost.net
Fri Jul 4 09:42:27 EST 2008
Hi all
A common argument about FOSS is "open source is more/less/elephant
secure than closed source". Conflated with this is the "there are more
security holes/bugs in Firefox than IE/Safari/etc" discussion.
To those of us who have spent time getting to the bottom of both
discussions, there haven't been a lot of data and statistics with any
real science associated with them. Indeed, a lot of the metrics used by
security researchers and the media are outright unreliable and
occasionally subject to some bias.
The Mozilla project has initiated a metrics program/project to track
bugs and develop a baseline model for secure development.
You can read about the project at
http://blog.mozilla.com/security/2008/07/02/mozilla-security-metrics-project/.
The project is advised by Rich Mogull (http://securosis.com/about/) - a
well respected ex-Gartner security boffin.
The site and the associated collateral are well worth a read, and the
results look to be interesting.
Regards
James Turnbull
--
Author of:
* Pulling Strings with Puppet
(http://www.amazon.com/gp/product/1590599780/)
* Pro Nagios 2.0
(http://www.amazon.com/gp/product/1590596099/)
* Hardening Linux
(http://www.amazon.com/gp/product/1590594444/)