Frank Hecker on the Mozilla Security Bugs Policy

Thursday May 9th, 2002

Frank Hecker writes: "I've just posted to netscape.public.mozilla.announce a statement re the recently-reported (and fixed) Mozilla security vulnerability relating to XMLHttpRequest.

"I'll add my personal opinion that we ( staff) have not been active enough in publicizing the current policy on security bugs and the reporting mechanism. I'll take personal responsibility for that failure; among other things, I neglected to do enough follow-up announcements after we created the security policy originally.

"I've tried to highlight the security bug policy information in the public statement referenced above, and I'll also try to make sure that the address and related information get highlighted in appropriate pages on the web site."

#4 Let's give credit where credit is due

by frankhecker <>

Friday May 10th, 2002 7:58 AM

You are replying to this message

Let me clarify something: I personally had absolutely nothing to do with fixing the XMLHttpRequest security vulnerability (or any other Mozilla bug, for that matter). You should direct any praise to the Mozilla developers themselves, including in particular the various Netscape employees who participated in fixing the bug.