Jean-Marc Desperrier wrote:
Ian G wrote:
http://www.ebcvg.com/articles.php?id=673
Mozilla: The Honeymoon is over
Well, this time it's the analysis by the expert who's selling
antivirus/http filters.
Unfortunately, many will fail to his incredibly specious assessments
about the recent vulnerabilities in Mozilla without realizing how little
objectivity he can have in the case.
Exactly. The sad fact is that almost all writing
on security is biased towards selling some product,
and has no foundation in security. Even those that
are not selling for money are generally bound up
in some model that they've bought into which are
then sold as if money depended on it.
(E.g., the OpenPGP, SSH, SSL worlds which never
ever agree.)
In this environment, it means that the ones with the
loudest voices and the biggest willingness to tell
lies will win. Which means that when Microsoft
catches up, you can expect a very aggressive PR
campaign to kill Mozilla's rep for security. That
battle can't be won, in the public mind, if it is
simply going to be played out on a field of
"security is patches and code audits."
"Some of the common Mozilla exploits ScanSafe is stopping" : How long
should I laugh ? Can they even tell they were faster at beginning
filtering them than mozilla.org was at implementing the fix ?
Sure. It's not those guys who you need to
worry about, it's the whole meta-issue of what
happens when Microsoft develops sufficient fixes
to be able to start shooting. Right now they are
keeping mum, simply because they know that they
cannot shoot blanks. They have to reload. And
they are reloading as we speak.
And perhaps they are being helped by some early
leading indicators like the honeymoon being over.
Gee, if I was microsoft, I'd pay to get a trickle
of preparatory articles floating out there.
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
_______________________________________________
Mozilla-security mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-security
