Firefox code under the microscope



So, the stories are out of the analysis of the code for Mozilla Firefox. It seems there were a large number of potential flaws found (71 potential security vulnerabilities) according to the article. This was done using an automated tool and many say, that in order to evaluate the true severity of the flaws, you have to be familiar with the code. Some, I’m sure will pounce on this with the “I thought open source software was supposed to be more secure…. I’m going back…” but it’s time to stop and think about things a moment. Open Source software…. anyone can access the source, anyone can analyze it for problems, anyone can run an automated tool to test it…..


Everything about the open source development process is out in the open. Microsoft is opening up a bit (I filed my first bug report for a Microsoft product in the last couple weeks.) But, they don’t allow the code for anyone to analyze. It’s a different approach to security (if we keep it secret no one will find it, vs…. open source which is – let’s tell everything so we can get the most bullet-proof code possible.)

So which approach is better? It’s hard to say definitively unless you’ve USED both approaches, but the thing I really like about the open development model IS THE FACT that EVERYONE has the opportunity to see what goes in the mix, which makes these third party analysis of code possible. Let’s speculate for the moment. IF mozilla-firefox were closed source. 1) We wouldn’t know about this analysis because it could never have happened, and many of the security issues that have been reported and fixed, might not have turned up yet because the code wasn’t there to look at.

The results of the analysis mentioned have been turned over to the developers and they will be reviewing and deciding which of the issues really pose a threat and how to prioritize fixing them.

It’s not a pretty process, and making it open could make for bad PR, that’s one reason some companies would never DREAM of making their code open.

Bottom line, it’s a GOOD thing that it’s been analyzed like this and that flaws have been found and reported to the developers, it can only make for a BETTER browser.

Related Posts

Blog Traffic Exchange Related Posts
  • Linux network worm... There is a linux network worm (virus) in the wild, which I've mentioned already in an earlier post. I did want to take a few moments to highlight this and dispell a few myths. (This is the first linux virus I recall seeing over at SARC in the last couple......
  • Testing your firewall for open ports For several years now I've used a neat tool at Gibson Research to test a clients firewall quick and easy from the web browser. They have a tool called Shields Up that does a limited port scan to determine of network ports are open, closed or "stealth". One of the......
  • Windows more secure than Linux? For the last week, I've seen various headlines referring to a report from US-CERT that indicated 2005 had 5,198 security flaws reported. Out of those 2,328 were reported for Linux/Unix, 812 for Windows and 2,058 affecting more than one operating system. Now, I'm seeing all sorts of headlines about how......
Blog Traffic Exchange Related Websites
  • Review of the Complete Photo Guide to Home Repair Black and Decker are known for the terrific DIY guides and this title is no exception. As the name suggests, you’re getting step by step photo instructions that make it easy for anyone to fix up their own home without having to be a professional handy person. You’ll get......
  • Windows 7 Sales Spike to Overtake Mac OS X [/caption]Proving there is no accounting for taste Microsoft’s latest attempt at a decent operating system, Windows 7, is now running on 5% of the computers online.  The daily average of online users as measured by Internet metrics company Net Applications showed that an increase last week put Windows 7 above......
  • New threat: Hackers look to take over power plants LOLITA C. BALDOR, Associated Press Writer WASHINGTON — Computer hackers have begun targeting power plants and other critical operations around the world in bold new efforts to seize control of them, setting off a scramble to shore up aging, vulnerable systems. Cyber criminals have long tried, at times successfully, to......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site