CIO.COM: Can Mozilla Support Their Security Claims?


Mozilla bills Firefox as the most secure Web browser on the planet, but is it really? Follow along with this series and see if the claims hold up to close scrutiny.

Today, I started a multi-part article series on cio.com (Security landing page:  http://www.cio.com/topic/1419/Security) probing Mozilla’s claims of security superiority.  My plan is to post up a new article every few days probing aspects of claims they’ve made either on the Firefox security page or in some other public forum.

As most of you know, writing secure software is hard and takes commitment, process and ongoing focus. And in general, I think Mozilla has shown that they take security seriously and are making best efforts to build in good security quality.

With that in mind, it was perhaps a bit bold of Mozilla to make security claims from the first day they shipped Firefox.

Even giving them the benefit of the doubt that they’ve been focused on security since before the release of Firefox 1.0 back in November 2004, did they immediately do everything better than the rest of the industry?  Did they have no lessons to learn with respect to security?

When I think about the almost-seven-years that Microsoft has been actively working under the Trustworthy Computing initiative and the work done to continually improve the SDL process, I find that hard to accept without some supporting proofpoints.

So, don’t think that I am claiming Microsoft or anybody else has it perfect yet either; it is definitely an industry-wide challenge and will be for some time to come.

However, if Mozilla chooses to make security a marketing theme and claim to be “the safest web browser”, then I also believe it opens those claims to efforts at fact-checking and open discussion.  Feel free to express your disagreement or support ;-)

Regards ~ Jeff

About the Author
Jeff Jones

Principal Cybersecurity Strategist

Jeff Jones is a 27-year security industry professional who has spent the last decade at Microsoft working with enterprise CSOs and Microsoft's internal teams to drive practical and measurable security improvements into Microsoft products and services. Additionally, Jeff analyzes vulnerability trends