MozillaZine

Timeline of Mozilla shell: Security Vulnerability

Friday July 9th, 2004

Adam Sacarny writes: "I have created a timeline of the latest security bug. It shows how quickly the Mozilla developers handled the problem, tracking from the first mention in Bugzilla to the last CVS commit to the webpage. Readers get a peek into how development works over at mozilla.org, in particular into how security issues get resolved."

We reported on the shell: security vulnerability yesterday. A NewsForge commentary also praises the speed with which the exploit was patched. A slightly more pessimistic view can be found in an article from Enterprise Security Today (part of the NewsFactor Network) entitled Mozilla Security Nightmare Begins (according to Bart Decrem, the author of the article did contact the Mozilla Foundation for comments but they lost his number and could not return the call).

Update: Adam, author of the timeline, has written a followup post with further commentary on the bug and its fix.


#23 Re: Re: Re: foobar

by raiph

Sunday July 11th, 2004 9:52 AM

You are indeed a curmudgeon. ;)

We're all human, so mistakes will be made, including losing phone numbers. No, I don't accept the argument that any particular individual mistake is unacceptable. Although I'm sure the story about the IBM VP who made one mistake, which cost $20m, who wanted to resign, and who was told by his boss "no way am I going to let such a good VP resign when I just spent $20m training her" is apocryphal, it makes a good point.

The more important issue is honesty. Do we have a group that is prepared to be honest? I was heartened that Bart made no bones, right from the get go, that he (or at least someone) had made that mistake. You can bet he's on the case to try to stop it happening again.

love raiph