Mozilla Security: More Than Meets The 'Aye'
If open source by definition means that code is open, then why is Mozilla having some of its code discussions behind closed doors? The reason is simple: to protect users.
Last week security researcher Robert Chapin alleged that Mozilla's security process wasn't open. According to Chapin, certain key discussions surrounding the resolution of security issues with Mozilla Password Manager that he first reported last November were less than entirely open.
Window Snyder, head of security strategy at Mozilla Corp., told internetnews.com that the allegation that Mozilla is not open is not the case. Snyder argued that Mozilla is as open as it can be and even somewhat democratic.
In addition to the publicly available Bugzilla bug database, Mozilla also has a separate security group with membership made up from both Mozilla and the wider community. Currently the group has 86 individual members, with Google, Red Hat, IBM, Sun, Ubuntu and Cenzic among the different groups represented.