Firefox code under the microscope
So, the stories are out about the analysis of the code for Mozilla Firefox. It seems a large number of potential flaws were found (71 potential security vulnerabilities), according to the article. This was done using an automated tool, and many say that in order to evaluate the true severity of the flaws, you have to be familiar with the code. Some, I’m sure, will pounce on this with the “I thought open source software was supposed to be more secure... I’m going back...” but it’s time to stop and think about things for a moment. With open source software, anyone can access the source, anyone can analyze it for problems, and anyone can run an automated tool to test it.
Everything about the open source development process is out in the open. Microsoft is opening up a bit (I filed my first bug report for a Microsoft product in the last couple of weeks), but they don’t make the code available for anyone to analyze. It’s a different approach to security: “if we keep it secret, no one will find it” versus open source’s “let’s tell everything so we can get the most bullet-proof code possible.”
So which approach is better? It’s hard to say definitively unless you’ve USED both approaches, but the thing I really like about the open development model IS THE FACT that EVERYONE has the opportunity to see what goes in the mix, which makes these third-party analyses of code possible. Let’s speculate for the moment. IF Mozilla Firefox were closed source, we wouldn’t know about this analysis because it could never have happened, and many of the security issues that have been reported and fixed might not have turned up yet because the code wasn’t there to look at.
The results of the analysis mentioned have been turned over to the developers and they will be reviewing and deciding which of the issues really pose a threat and how to prioritize fixing them.
It’s not a pretty process, and making it open could make for bad PR; that’s one reason some companies would never DREAM of making their code open.
Bottom line: it’s a GOOD thing that it’s been analyzed like this and that flaws have been found and reported to the developers. It can only make for a BETTER browser.