MozillaZine

Frank Hecker on the Mozilla Security Bugs Policy

Thursday May 9th, 2002

Frank Hecker writes: "I've just posted to netscape.public.mozilla.announce a mozilla.org statement re the recently-reported (and fixed) Mozilla security vulnerability relating to XMLHttpRequest.

"I'll add my personal opinion that we (mozilla.org staff) have not been active enough in publicizing the current mozilla.org policy on security bugs and the security@mozilla.org reporting mechanism. I'll take personal responsibility for that failure; among other things, I neglected to do enough follow-up announcements after we created the security policy originally.

"I've tried to highlight the security bug policy information in the public statement referenced above, and I'll also try to make sure that the security@mozilla.org address and related information get highlighted in appropriate pages on the mozilla.org web site."


#2 Open Source application security

by gashu

Friday May 10th, 2002 4:00 AM

I expect Sardonix Security Portal to be something reliable for mozilla.org in the future. If this coordination is possible, Moz will have more advantages than any other commercial web browser, I think.

Sardonix Security Portal <http://sardonix.org/index.html>

Moz is first priority...maybe...? <http://sardonix.org/Browse_Programs.html>