firefox-120.jpgKudos to Mozzila’s chief security officer, Window Snyder (yes, that’s his real name), who wrote on this blog recently that Firefox was at least partly to blame for a vulnerability that affected Microsoft’s Internet Explorer as well. I had lambasted both firms recently for turning a serious security issue into a spat among rivals, but this marks a turning point.

“We thought this was just a problem with IE. It turns out, it is a problem with Firefox as well. We should have caught this scenario when we fixed the related problem in 2.0.0.5,” he writes. “We believe that defense in depth is the best way to protect people, so we’re investigating it now.”

Along with defence in depth should be added another collary: communication in depth, where CSOs and other security professionals are as up front as possible about their flaws. That’s when we all start learning. This shows both the power of transparency and the power of blogging as a medium for transparency.



Related Download
Creating Efficiencies In Vendor Risk Management Sponsor: BitSight
Creating Efficiencies In Vendor Risk Management
In this eBook, we'll explore how vendor risk management (VRM) has traditionally been handled, why traditional strategies alone are inadequate, and advices for vendor risk managers on how to effectively and efficiently mitigate cyber risk.
Register Now
Uncategorized