
Disclosure war between Mozilla and Opera unhelpful to end users.

Fortify : 21 February, 2008 (Technical Article)

A browser vulnerability shared by Mozilla and Opera gives Mozilla the advantage, as it issues a patch without disclosing the problem to Opera in enough time for Opera to issue a similar fix.

Fortify Software says that the developing security 'disagreement' between Mozilla and Opera Software is the direct result of Mozilla giving the Opera development team only 24 hours' notice of going public on security flaws in the popular Web browser software.

'Mozilla has recently released a security advisory - as well as a patch - for a 'focus shifting' vulnerability in its browser. Unfortunately for Opera Software, however, the flaw also appears to affect its Web browser too,' said Brian Chess, Fortify's founder and chief scientist.

'The slightly bad news, however, is that Mozilla appears to have only given Opera a day's notice of its intention to issue the patch and advisory, which is not enough time for Opera to investigate the issue, let alone develop and distribute a patch for the problem,' he added.

According to Chess, whilst Fortify Software supports responsible disclosure, the moral of the story is that companies cannot rely on the kindness of strangers when it comes to disclosure on the Internet.

'Opera Software can cry foul over Mozilla's actions on the security issue, but the bottom line is that you cannot expect a third-party organisation to function as your security quality control department,' he said.

'It is the responsibility of the vendor to be completely pro-active when it comes to the security of their software,' he added.

© 2012 ProSecurityZone.com