Firefox code under the microscope



So, the stories are out of the analysis of the code for Mozilla Firefox. It seems there were a large number of potential flaws found (71 potential security vulnerabilities) according to the article. This was done using an automated tool and many say, that in order to evaluate the true severity of the flaws, you have to be familiar with the code. Some, I’m sure will pounce on this with the “I thought open source software was supposed to be more secure…. I’m going back…” but it’s time to stop and think about things a moment. Open Source software…. anyone can access the source, anyone can analyze it for problems, anyone can run an automated tool to test it…..


Everything about the open source development process is out in the open. Microsoft is opening up a bit (I filed my first bug report for a Microsoft product in the last couple weeks.) But, they don’t allow the code for anyone to analyze. It’s a different approach to security (if we keep it secret no one will find it, vs…. open source which is – let’s tell everything so we can get the most bullet-proof code possible.)

So which approach is better? It’s hard to say definitively unless you’ve USED both approaches, but the thing I really like about the open development model IS THE FACT that EVERYONE has the opportunity to see what goes in the mix, which makes these third party analysis of code possible. Let’s speculate for the moment. IF mozilla-firefox were closed source. 1) We wouldn’t know about this analysis because it could never have happened, and many of the security issues that have been reported and fixed, might not have turned up yet because the code wasn’t there to look at.

The results of the analysis mentioned have been turned over to the developers and they will be reviewing and deciding which of the issues really pose a threat and how to prioritize fixing them.

It’s not a pretty process, and making it open could make for bad PR, that’s one reason some companies would never DREAM of making their code open.

Bottom line, it’s a GOOD thing that it’s been analyzed like this and that flaws have been found and reported to the developers, it can only make for a BETTER browser.

Related Posts

Blog Traffic Exchange Related Posts
  • So who is behind Windows Police Pro Virus / Rogue Security Software? As I've seen the continuing FLOOD of searches for some way to Remove Windows Police Pro, I've been starting to wonder at the who is behind this particular piece of junk software. These programs aren't written by your average ordinary virus writer, there is really too much spit and polish......
  • What is Open Source Open source denotes that the origins of a product are publicly accessible in part or in whole. See Open source (disambiguation) for related topics and other meanings. This article focuses on open source as a modern or commonly used allusion to any open-source software (OSS) where its source code, its......
  • Linux network worm... There is a linux network worm (virus) in the wild, which I've mentioned already in an earlier post. I did want to take a few moments to highlight this and dispell a few myths. (This is the first linux virus I recall seeing over at SARC in the last couple......
Blog Traffic Exchange Related Websites
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site