I read with interest this morning the writeup from Bleeping Computer on "Potential security vulnerability in Firefox?""Klocwork’s K7 static analysis tool was used to analyze the programming code for the latest version of Firefox 1.5.0.6. The tool reported that there are 655 defects and 71 potential security vulnerabilities. This analysis was then sent on to Firefox where they can determine what will be fixed or left alone."Defects seem to be inherent in software. However, that is not always the fault of the software. After all, as soon as a computer is taken out of the box, we add our own personal fingerprint, usually in the form of other software. No software can be tested against all possible interactions with other software programs.
As to the 71 potential security vulnerabilities, it appears that Mozilla.org has leadership to address security issues in Firefox. From eWeek:
*Emphasis added. Window really is Ms. Snyder's name. It is rather ironic that someone with the name "Window" has left Microsoft and will now be working for a competitor.
"Ex-Microsoft Security Strategist Joins Mozilla Ryan Naraine
September 6, 2006
Former Microsoft security strategist Window* Snyder is joining Mozilla to lead the company's effort to protect its range of desktop applications from malicious hacker attacks.Snyder, who was responsible for security sign-off for Microsoft's Windows XP Service Pack 2 and Windows Server 2003, will spearhead Mozilla's security strategy, eWEEK has learned.
The group has seen its flagship Firefox Web browser chip away at the market dominance of Microsoft's Internet Explorer, largely because of high-profile security flaws in and attacks on IE, and the addition of Snyder is sure to help beef up Mozilla's security process and improve its communications with bug finders."
No comments:
Post a Comment