Mozilla Launches Security Metrics Project 18
Earthweb passes along a ZDNet article which notes,
"In partnership with indie security consultant Rich Mogull, Mozilla has launched a valuable Security Metrics Project that — we can only hope — could help to put an end to the silly notion that patch-counting helps to determine a product's security posture. The idea is to develop a metrics model that goes beyond simple bug counts to reflect accurately the effectiveness of secure development efforts and the relative risk to users over time. Mogull has released a spreadsheet (.xls) with a preliminary version of the model and Mozilla's Window Snyder is actively seeking feedback to make the project open and meaningful."
Ten Fucking Days (Score:2, Interesting)
Where's the fix for the suspiciously-timed Firefox 3 (and 2) code execution bug? That would boost security.
Hmmm (Score:3, Interesting)
So, we don't like the current stats because they make us look bad; so lets try to create a new "standard" which will make us look better? A standard that can only really be applied to open source, because you can't see the bug count in closed source?
Wow. That really smells.