Slashdot Mirror


Mozilla.org Publishes Security Policy

benb from Beonex writes: "mozilla.org agreed upon a policy on how to handle reports about severe security vulnerabilities. It is about to be implemented. In the future, you will find information about most security bugs at the known vulnerabilities page; there will also be an announce mailing list. In case you are interested, you can read my own review (and the security module owner's response) of the policy."


  1. Re:Nice, but what does it mean in practice? by Anonymous Coward · Score: 1, Interesting

    I thought the point is that bugs will be stored on BugTrack but not publicly available until a small group of security people certify it to be (and they have to send round a global email to each other.) This means that security problems will be reported but not particularly publicly. I am concerned, however, that the Mozilla team may not be taking security bugs as seriously as it could if it's refusing to publish what's happening.