[Linux-aus] Open Source Security and the Mozilla Metrics Program

James Turnbull james at lovedthanlost.net
Fri Jul 4 09:42:27 EST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all

A common argument about FOSS is "open source is more/less/elephant
secure than closed source".  Conflated with this is the "there are more
security holes/bugs in Firefox than IE/Safari/etc" discussion.

To those of us who have spent time getting to the bottom of both
discussions, there hasn't been a lot of data and statistics with any
real science associated with them.  Indeed, a lot of the metrics used by
the security researchers and media are outright unreliable and
occasionally subject to some bias.

The Mozilla project has initiated a metrics program/project to track
bugs and develop a baseline model for secure development.

You can read about the project at
http://blog.mozilla.com/security/2008/07/02/mozilla-security-metrics-project/.

The project is advised by Rich Mogull (http://securosis.com/about/) - a
well-respected ex-Gartner security boffin.

The site and the associated collateral are well worth a read, and the
results look to be interesting.

Regards

James Turnbull

- --
Author of:
* Pulling Strings with Puppet
(http://www.amazon.com/gp/product/1590599780/)
* Pro Nagios 2.0
(http://www.amazon.com/gp/product/1590596099/)
* Hardening Linux
(http://www.amazon.com/gp/product/1590594444/)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIbWPj9hTGvAxC30ARAqktAKCkKfVr1+l61zmEST6bfXJD6vcBYgCeKq5B
lNhqUQR/IOUCZ6to41SD6dU=
=COLZ
-----END PGP SIGNATURE-----
