All of the readers of this blog depend increasingly on the Internet for many aspects of our lives; this is why the security of Mozilla products and services is extremely important, as stated in the Mozilla Manifesto:
Individuals’ security on the Internet is fundamental and cannot be treated as optional.
My colleague Michael Coates has just published a new article on Mozilla’s security blog: Mozilla’s Commitment To Security.
Here is an excerpt:
In the spirit of Mozilla and our pledge to being open, we report all of our security issues to the public. We don’t just show bugs when someone else publicly discusses an issue or when it is convenient to us; we’re open and transparent as a matter of principle.
When a security issue is present that impacts our users we’ll tell the world what we know, what it means to our users and what we’re doing to address the concern. Our pledge is to provide this information to our users as soon as we know it and fix the issue as quickly and responsibly as possible.
Mozilla was the first organization making an open source browser back in 1998, almost 15 years ago, and the industry has followed, with some competitors being partly open source. But we’ve gone further than this to improve security through transparency, as explained by Michael.
Let’s take the innovative topic of fuzzing, which Michael defines as “sending a variety of malformed data into our applications to ensure our products properly handle all sorts of unexpected scenarios that could otherwise lead to vulnerabilities.” Mozilla has been on the bleeding edge of fuzzing in order to harden our applications and improve security. But we have also done something that is not so common, which is to share our tools with our competitors so that they can in turn improve their own applications. We also publicly share our knowledge on such topics in order to improve security for desktop and mobile browsers.
If Mozilla were a commercial organization, it would not make a lot of sense to help our competitors, because it would make them stronger and hurt our bottom line. But Mozilla is a not-for-profit organization, and it makes sense to help competitors improve their products, as it serves Mozilla’s mission: Make the Web a better place for everyone, including those who use other browsers.