It takes courage to admit your product is insecure

July 25, 2007

Kudos to Mozzila’s chief security officer, Window Snyder (yes, that’s his real name), who wrote on this blog recently that Firefox was at least partly to blame for a vulnerability that affected Microsoft’s Internet Explorer as well. I had lambasted both firms recently for turning a serious security issue into a spat among rivals, but this marks a turning point.

“We thought this was just a problem with IE. It turns out, it is a problem with Firefox as well. We should have caught this scenario when we fixed the related problem in 2.0.0.5,” he writes. “We believe that defense in depth is the best way to protect people, so we’re investigating it now.”

Along with defence in depth should be added another collary: communication in depth, where CSOs and other security professionals are as up front as possible about their flaws. That’s when we all start learning. This shows both the power of transparency and the power of blogging as a medium for transparency.

Would you recommend this article?

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Shane Schick http://shaneschick.com

Your guide to the ongoing story of how technology is changing the world

Featured Download

IT World Canada in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.