129 Comments
- useful, on 10/10/2007, -25/+250: 10 days is a lot better than Microsoft's 10 ***** months/weeks
- mt066, on 10/10/2007, -1/+176: Added Mozilla: "...bitches."
- inactive, on 10/10/2007, -22/+152: Where's the 10 day fix for the memory leaks?
- sirdaz, on 10/10/2007, -9/+139: That's a pretty dangerous claim to make. Sure most problems can be fixed within "10 ***** days", but there's always that one problem that may take a while. And when/if it comes, this statement will come bite them right on the ass.
- jeremymccurdy, on 10/10/2007, -2/+46: Firefox, the browser with balls.
- glasgowm, on 10/10/2007, -3/+41: I’ll do a more thorough writeup of the craziness that is Blackhat, but this I thought should go out ahead of all the other stuff. I don’t have a lot of time so I’ll try to make this story short. Two days ago after Jeremiah and my talk (you can get the slides off of the WhiteHat site) a number of people from Mozilla came up and said they wanted to talk more about the issues we were finding and other suggestions we might have (I’m going to write this part up more thoroughly later in a separate post as well). We were also invited to the Mozilla “milk and cookies pajama party” which is pretty much exactly as it sounds.
We showed up, and nearly immediately I was surrounded by the bulk of the Mozilla QA and security team that was attending Blackhat. They asked me lots of questions, and gave me lots of info. It was a pretty equitable trade of information. Clearly, they acknowledge that they need help from the community but they also feel confident that once things come to their attention it’s simply a matter of days to close their holes. They said the recent rollouts were actually slower than they would have liked them to be, even though they were only a week and a half apart. Further, they said that they could roll out any critical patches within 10 days. Not one to let challenges go untested I called BS.
At this point Mike Shaver threw down the gauntlet. He gave me his business card with a hand written note on it, laying his claim on the line. The claim being - with responsible disclosure Mozilla can patch and deploy any critical severity holes within “Ten ***** Days”:
I told him I would post his card - and he didn’t flinch. No, he wasn’t drunk. He’s serious. I’ve always been a fan of Mozilla and Firefox however this is a pretty bold claim for a company of any shape or size. I shopped the business card around to some various people while I was at the Microsoft party the next day to get people’s reaction. The consensus was that it was funny, very difficult to achieve and in one case, one of the head guys of security at Amazon simply doubted that the patches would be of sufficient quality. I’m not going to comment on my personal feelings on this matter except to say that I’d love to see Mozilla back up their promise.
- pendrachken, on 10/10/2007, -12/+49: you forgot YEARS
- backoff34, on 10/10/2007, -1/+36: Hell maybe this will be the first time a software company makes good on patch promises. We'll see.
- FadieZ, on 10/10/2007, -2/+36: AOL Parental control FTL!
- bhavinp, on 10/10/2007, -14/+46: Usually an operating system is a lot bigger than an Internet browser.
- AnonymousFan9, on 10/10/2007, -3/+35: The most logical answer is that you have gone insane.
- victorycig, on 10/10/2007, -0/+26: Holy *****! Duggmirror caught it!
- mattmcm, on 10/10/2007, -2/+26: It isn't censored for me at all.
- mbthompson, on 10/10/2007, -0/+24: Must be hard to walk with nuts that big.
My hat's off to Mozilla... and their ginormous nuts.
- inactive, on 10/10/2007, -0/+21: http://duggmirror.com/security/*****
- sleepwalkers, on 10/10/2007, -8/+29: Hell, I'd consider myself blessed if I could get one "***** day", let alone *TEN* of 'em.
And I'm an atheist!
- JohnM5, on 10/10/2007, -4/+25: First of all, many of the memory problems are due to Firefox caching previously visited sites so they load faster. Memory is there to help speed things up after all. You can disable that *feature* via about:config (You can find the exact value at kb.mozillazine.org)
Firefox 3 will include a Cycle Collector which should help fix some other memory problems. There is a Leak Monitor extension and a leak monitor script which can help identify leaks. You could use those yourself and report leaks, but it's easier to complain about it.
- Dustmuffins, on 10/10/2007, -2/+20: We were talking about browsers. IE vs FF
- Vltava, on 10/10/2007, -9/+26: Ten ***** days to load.
- inactive, on 10/10/2007, -0/+16: assless kind
- Ethek, on 10/10/2007, -3/+17: Dugg for the use of quotation marks.
- TrainingName, on 10/10/2007, -1/+14: That's what she said.
- fkr3, on 10/10/2007, -2/+15: 10 days to fix a critical bug isn't so much. They have teams of people completely ignoring the years-old non-critical bugs, it'll give them something to do.
- MarkOfTheDead, on 10/10/2007, -1/+13: what kinda pajamas was everyone wearing?
- inactive, on 10/10/2007, -1/+11: And what, Mozilla just releases the patches without testing them?
- erikerikerik, on 10/10/2007, -4/+14: umm, not to rain on your fine well thought out, well researched parade, but MS has the fastest turn around time for critical patches.
And likes for that mm'hmm goodness.
http://www.internetnews.com/security/article.php/3667201
http://blogs.csoonline.com/windows_vista_6_month_vulnerability_report
http://www.zdnet.com.au/news/security/soa/Mac-OS-X-hacked-under-30-minutes/0,130061744,139241748,00.htm
http://www.google.com
But since you're on DIGG I figure you won't read the links so I will sum it up for you.
"damn those Ms bitches are fast!"
- PatrickBrown, on 10/10/2007, -1/+11: To be fair, Mozilla only ***** on Monday and Thursday nights.
- skinturtle, on 10/10/2007, -0/+8: Oh great...this is gonna end up being the next big internet buzz phrase.
- adrianmonk, on 10/10/2007, -0/+8: If you can read the article, the Mozilla guy scrawled "ten ***** days" on his business card, then drew a big arrow pointing to his cell phone number.
- Depthfunction, on 10/10/2007, -0/+8: Bring it on.
- inactive, on 10/10/2007, -0/+8: "Ten ***** Days" ought to be enough for anybody :)
- HUKI365, on 10/10/2007, -0/+7: It censored it for me on my iGoogle page, then when I came here title and actual story were not censored.
- xShad0w, on 10/10/2007, -1/+8: I have the same problem, check Google profanity settings though I guess
- jeremymccurdy, on 10/10/2007, -0/+6: Ever hear of "auto-update"?
- Frosty122, on 10/10/2007, -0/+6: it is but not 100% and they are aware of this, by doing this sort of challenge, it exposes more weaknesses of the browser, and with every patch it becomes even more secure!
- CatalystGhost, on 10/10/2007, -1/+7: Censorship FTL
We will speak how we ***** damn well please.
- inactive, on 10/10/2007, -2/+8: Definitely agree that they enjoy ignoring multi-year old non-critical bugs.
- rflint, on 10/10/2007, -0/+6: http://blog.mozilla.com/security/2007/06/18/time-to-deploy-improvement-of-25-percent/
- fkr3, on 10/10/2007, -2/+8: They don't have anywhere near the amount of configurations and junk to test with, and they're dealing with a tiny, tiny program by comparison.
- cyssero, on 04/18/2009, -0/+5: Microsoft's deployment of patches has improved dramatically in recent years. Windows XP SP2 / Windows Vista are kept up to date thanks to the persistent automatic updater. If you set it to update and install automatically, you'll have no troubles at all. The security centre will nag and persuade you to install a firewall, antivirus and anti-spyware solution as soon as possible. If you ignore all these things, then you are asking to get infected.
Every month (as nerveband mentioned) Microsoft has patch Tuesday. Of course highly critical updates are installed earlier, but 30 days is far from 'years'. Not only are they releasing regular security patches, but they're holding your nose and forcing them down your throat. Yet people still complain.
- jrwr, on 10/10/2007, -0/+5: here is the card with the comment on it
http://img218.imageshack.us/img218/2554/*****.jpg
- akira117, on 10/10/2007, -2/+7: it's in your user options on digg
(Profanity filter)
- 0ldmankdude, on 10/10/2007, -0/+5: Yeah, same thing here. Must be something to do with Google's customized homepage settings (that's where I'm seeing it)
- Atlantics, on 10/10/2007, -0/+5: It's called ha.ckers.org and the page is down...
- apollomurga, on 10/10/2007, -3/+8: Did he really add the "*****" in his statement or was that just the writer of the story putting that in?
- adrianmonk, on 10/10/2007, -2/+7: A memory leak is not a critical security flaw, thus not part of this promise.
- schoate09, on 10/10/2007, -2/+6: Objection, relevance?
- TexanPsycho, on 10/10/2007, -1/+5: I've got close to a hundred tabs open and it loads up just fine. Get a better computer.
- gaus, on 10/10/2007, -0/+4: Firefox updates automatically, doesn't it?
- s1mph0ny, on 10/10/2007, -0/+4: You were too busy sticking your head up your own ass to notice them.