Slashdot Mirror


Another Look At Mozilla's BugFix Rate

An anonymous reader writes "Washingtonpost.com's Security Fix blog has published the results of a look back at three years' worth of critical patches from Mozilla, and found that Mozilla typically ships updates for critical flaws in about three weeks, though in more than a third of the cases it pushed out a fix in ten days or less. The data comes just a few weeks after The Post published data from a similar study that found Microsoft averaged 130+ days to fix critical flaws. Slashdot also covered that study in a previous post."

6 of 174 comments

  1. "from the must-go-faster dept." by Cutriss · · Score: 4, Insightful

    Funny. IMHO, the speed of the browser peaked a long time ago (0.8 IIRC), and now it's just getting progressively slower over time.

    They might be fixing critical security bugs, but they certainly don't seem to be fixing memleaks and such.

    --
    "Mod, mod, mod...and another troll bites the dust."
    1. Re:"from the must-go-faster dept." by bdaehlie · · Score: 4, Informative

      The Mozilla developers spend quite a bit of time on reducing memory usage and leaks. The issue is taken very seriously. All I said was that leaks exist, and that they don't indicate that Mozilla's entire codebase is sloppy. That doesn't mean Mozilla developers aren't doing anything about them or they think they are OK.

      CyricZ, please stop trying to get attention by being dramatic and twisting words. Your criticism is not constructive, just uninformed and inflammatory.

      P.S. Re: "the attitude of the Firefox developers" - I am only one Firefox developer. I am not speaking for any other devs.

  2. MS Release Cycle by Azarael · · Score: 4, Insightful

    In fairness, everything that I've read about MS's patch cycle indicates that it is a pretty huge undertaking. Joel from http://joelonsoftware.com/ is always going on about how every single code fix/feature addition has to go through a whole bunch of people (several testers, documentation team, etc.) before it can be released. If anything maybe Microsoft is a bit too thorough with their patches, in some ways at least.

  3. It's just numerology. by Ancient_Hacker · · Score: 4, Interesting

    Kinda reminds me of the story about the Soviet shovel factory that was given a quota to ship 500 tons of shovels per month.

    No problem, they just made the shovels REALLY HEAVY, so they only had to make a few of them.

    Software metrics are very slippery things.

  4. Be Fair by XMilkProject · · Score: 4, Funny

    To be fair, Microsoft's flaws are a lot more serious, so it's only logical they will take longer to fix.

    <laugh\>

    --
    Big ones, small ones, some as big as yer 'ead!
    Give 'em a twist, a flick o' the wrist...
  5. Not really fair... by RyoShin · · Score: 4, Insightful

    Skimming through the previous Slashdot story, it looks like the Microsoft vulnerabilities covered both the OS and IE, not just IE. Mozilla, afaik, only does the browsing and mail programs.

    Granted, that's no small task, but it still isn't on the level of fixing an O.S., in my opinion. It's like comparing apples and pumpkins.

    It would be better to compare Windows patch release time with Linux patch release time, which I believe has been done before (and then covered on Slashdot- Linux probably had the shorter time.)

    Regardless, how much does market share factor into this? With Linux, if a patch breaks a program, most people can just shrug it off and rewrite the program to work with the patch. So mass testing isn't as big of an issue. With Windows, if a patch breaks a program, a user doesn't have a lot they can do except to sit there and weep until Company X releases their own patch or next version.