MozillaZine

Frank Hecker on the Mozilla Security Bugs Policy

Thursday May 9th, 2002

Frank Hecker writes: "I've just posted to netscape.public.mozilla.announce a mozilla.org statement re the recently-reported (and fixed) Mozilla security vulnerability relating to XMLHttpRequest.

"I'll add my personal opinion that we (mozilla.org staff) have not been active enough in publicizing the current mozilla.org policy on security bugs and the security@mozilla.org reporting mechanism. I'll take personal responsibility for that failure; among other things, I neglected to do enough follow-up announcements after we created the security policy originally.

"I've tried to highlight the security bug policy information in the public statement referenced above, and I'll also try to make sure that the security@mozilla.org address and related information get highlighted in appropriate pages on the mozilla.org web site."


#1 Personal Responsibility

by whiprush <jorge@whiprush.org>

Thursday May 9th, 2002 9:09 PM

You are replying to this message

I'd just like to point out how cool it is for Frank to post this statement. It's this kind of pride in Mozilla that will make Mozilla the standard bearer for other crossplatform Open Source Projects.

In a world where companies would rather blame the reporters of bugs, or ignore them completely (glares at Microsoft) - it's good to see someone have the cohones to fix things.