[Linux-aus] Open Source Security and the Mozilla Metrics Program

Chris Fordham chris at xhost.com.au
Fri Jul 4 16:52:33 EST 2008


On Fri, 04 Jul 2008 09:42:27 +1000, James Turnbull  
<james at lovedthanlost.net> wrote:

> Hi all
>
> A common argument about FOSS is "open source is more/less/elephant
> secure than closed source".  Conflated with this is the "there are more
> security holes/bugs in Firefox than IE/Safari/etc" discussion.
>
> To those of us who have spent time getting to the bottom of both
> discussions there haven't been a lot of data and statistics with any
> real science associated with them.  Indeed a lot of the metrics used by
> the security researchers and media are outright unreliable and
> occasionally subject to some bias.

Why would Secunia not be reliable?

> The Mozilla project has initiated a metrics program/project to track
> bugs and develop a baseline model for secure development.
>
> You can read about the project at
> http://blog.mozilla.com/security/2008/07/02/mozilla-security-metrics-project/.
>
> The project is advised by Rich Mogull (http://securosis.com/about/) - a
> well respected ex-Gartner security boffin.
>
> The site and the associated collateral are well worth a read and the
> results look to be interesting.
>
> Regards
>
> James Turnbull
>
> - --
> Author of:
> * Pulling Strings with Puppet
> (http://www.amazon.com/gp/product/1590599780/)
> * Pro Nagios 2.0
> (http://www.amazon.com/gp/product/1590596099/)
> * Hardening Linux
> (http://www.amazon.com/gp/product/1590594444/)



-- 
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
