Firefox: 6000 bugs and a failure to work with them
August 31st, 2011 | Posted in Security
This week Mozilla attracted unwelcome attention after a former volunteer criticized its slow response to bug reports. The criticism comes amid discussion of the “quick release” initiative, under which the group has promised to release an updated version of its Firefox browser every 16 weeks. Mozilla's decision to dramatically accelerate its development cycle met with enough resistance to put its chair, Mitchell Baker, on the defensive.
In addition, the criticism of Mozilla's handling of security vulnerabilities comes at a time when Firefox continues to lose market share and credibility in the browser space. For example, a recent NSS Labs browser security report showed that Firefox 4 caught only 7.6% of malicious threats that rely on social engineering. This figure is much lower than that of Internet Explorer 9, which intercepted 99.2%, and lower than that of Chrome, which managed to detect 13.2% of threats. Firefox's result was 11.4% lower than the 19% level of protection it recorded in the test for the third quarter of 2010, reflecting a general decline in Firefox's protection.
This time, the author of the critical post highlighting Mozilla's shortcomings in handling bugs was Tyler Downer, who resigned as a Mozilla volunteer out of frustration. In a message dated August 27, he wrote that although he supported the quick-release initiative, he was disappointed with its impact on the team of people responsible for processing and confirming bug reports submitted by end users.
Here’s his argument (which he explained in a subsequent communication): the group does not have the time or resources to review all submitted bugs and keep up with the pace of Firefox releases. “With the old release model – a new version once a year – support had more time to consider a vast array of bugs, identify weaknesses and problems, and there was quite a big chance that most of the bugs would be fixed, if only because time was on our side …. At least in theory. Even this process has failed,” he wrote.
Tyler did not go into detail about how this process failed, but Firefox took 5th position in Bit9's list of the 10 most vulnerable software products of 2010, after Safari (No. 2) and Chrome (No. 1).
To illustrate the difficulties the team faces in responding to vulnerabilities under the rapid release schedule, Tyler said that at the moment Firefox has 6000 unconfirmed bugs (which, however, should not be confused with 6000 actual vulnerabilities). “These bugs are duplicates, bugs that have already been resolved, bugs caused by user errors, bugs caused by third-party software, and so on. I just wanted to reiterate the need to do a better job of addressing bugs. Without going through the list, it is difficult to determine which bugs are active and which are not,” he wrote.
Tyler gave Mozilla some advice on handling bug reports better, including the need for greater responsibility and courtesy toward the customers who provide them, and for better coordination within the Mozilla community so that bug reports are studied in a timely, effective and coordinated manner, perhaps using software tools for better management of error reports.
Tyler is still not entirely pessimistic about the fate of Mozilla Firefox. “The situation with the response is not entirely hopeless. I was at the talks in the past few days and see a good opportunity for improvement at Mozilla …. There will be a new tool, ‘Tell Us More’, which will put into practice some of the changes I want,” he wrote.

IE 99.2%? Hahahahah…. how much money did you receive from Microsoft??

Rather ask that of NSS Labs, you should probably ask how much Microsoft paid NSS Labs lol for such a report.