Slashdot Mirror


Mozilla Launches Security Metrics Project

Earthweb passes along a ZDNet article which notes, "In partnership with indie security consultant Rich Mogull, Mozilla has launched a valuable Security Metrics Project that — we can only hope — could help to put an end to the silly notion that patch-counting helps to determine a product's security posture. The idea is to develop a metrics model that goes beyond simple bug counts to reflect accurately the effectiveness of secure development efforts and the relative risk to users over time. Mogull has released a spreadsheet (.xls) with a preliminary version of the model and Mozilla's Window Snyder is actively seeking feedback to make the project open and meaningful."

  1. Re: Where's the ODF version? by friedegg · Score: 2, Informative

    From the site (I know, I know):

    The same content as a set of .csvs is available here: http://securosis.com/publications/MozillaProject.zip

    --
    Google doesn't index user sigs, so stop trying to "Google Bomb" with them.