Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mozilla Launches Security Metrics Project

Posted by Soulskill on from the how-do-you-measure-transparancy dept.

Earthweb passes along a ZDNet article which notes, "In partnership with indie security consultant Rich Mogull, Mozilla has launched a valuable Security Metrics Project that — we can only hope — could help to put an end to the silly notion that patch-counting helps to determine a product's security posture. The idea is to develop a metrics model that goes beyond simple bug counts to reflect accurately the effectiveness of secure development efforts and the relative risk to users over time. Mogull has released a spreadsheet (.xls) with a preliminary version of the model and Mozilla's Window Snyder is actively seeking feedback to make the project open and meaningful."

2 of 18 comments (clear)

  1. Ten Fucking Days by Anonymous Coward · · Score: 2, Interesting

    Where's the fix for the suspiciously-timed Firefox 3 (and 2) code execution bug? That would boost security.

  2. Hmmm by Anonymous Coward · · Score: 3, Interesting

    So, we don't like the current stats because they make us look bad; so lets try to create a new "standard" which will make us look better? A standard that can only really be applied to open source, because you can't see the bug count in closed source?

    Wow. That really smells.