Mike Shaver, ten days, and expletives
6 August 2007Mike Shaver (Director of Ecosystem Development at Mozilla) handed his business card to Robert Hansen (RSnake) on Wednesday night at Black Hat. On it he wrote “ten f—ing days.” When I asked him about it, he said he meant to communicate to Robert that since Mozilla got a recent security update out in only ten days, that there was no reason for Robert to post details of vulnerabilities publicly before a patch was available. Since we’re among the most responsive software vendors, security researchers do not have to resort to full disclosure to get us to patch bugs quickly.
Well, whatever he meant, his statement has taken on a life of its own. Robert posted on his blog, and a bunch of news articles picked it up as a challenge.
This is the official Mozilla word: This is not our policy. We do not think security is a game, nor do we issue challenges or ultimatums. We are proud of our track record of quickly releasing critical security patches, often in days. We work hard to ship fixes as fast as possible because it keeps people safe. We hope these comments do not overshadow the tremendous efforts of the Mozilla community to keep the Internet secure.
14 Responses to “Mike Shaver, ten days, and expletives”
August 6th, 2007 at 11:37 am
[...] security chief Window Snyder also offered an immediate explanation: When I asked him [Shaver] about it, he said he meant to communicate to Robert that since Mozilla [...]
August 6th, 2007 at 12:04 pm
[...] Window has posted on this topic as well, over at the Mozilla security blog.] addthis_url = ‘http%3A%2F%2Fgetfirefoxbrowsers.com%2F2007%2F08%2Fabout-ten-days-at-black-hat’; [...]
August 6th, 2007 at 12:55 pm
[...] supposed claim that it could fix any responsibly disclosed flaw in 10 days. Mozilla security chief Window Snyder says that is not the group’s stance, and never has been. “This is not our policy. We do not think security is a game, nor do we [...]
August 6th, 2007 at 1:11 pm
[...] official, Window Snyder didn’t like the 10FD story. Mozilla’s new policies and restrictions over Mike Shaver’s business cards have not [...]
August 6th, 2007 at 1:53 pm
[...] is not our policy,” she wrote in a blog posting. “We do not think security is a game, nor do we issue challenges or [...]
August 6th, 2007 at 2:14 pm
[...] is not our policy,” she wrote in a blog posting. “We do not think security is a game, nor do we issue challenges or [...]
August 7th, 2007 at 2:02 pm
[...] link: Window Snyder’s Blog [...]
August 7th, 2007 at 2:09 pm
[...] is not our policy,” she wrote in a blog posting. “We do not think security is a game, nor do we issue challenges or [...]
August 7th, 2007 at 3:47 pm
It’s a testament to Mozilla’s track record that so many people think it’s plausible that Mozilla could fix any security bug in ten days.
August 8th, 2007 at 6:26 pm
[...] Window has posted on this topic as well, over at the Mozilla security blog.] addthis_url = ‘http%3A%2F%2Fgetfirefoxbrowsers.com%2F2007%2F08%2Fabout-ten-days-at-black-hat-2′; [...]
August 8th, 2007 at 9:21 pm
[...] is how shaver probably got to 10 days and I may be wrong on a lot of this, I’ve been out of the release loop. I’m posting [...]
August 10th, 2007 at 3:49 am
[...] następstwie tego wydarzenia Window Snyder oświadczyła na blogu, że wydawanie poprawek w ciągu 10 dni nie jest polityką Mozilli. Podkreśliła, że [...]
August 15th, 2007 at 1:10 pm
[...] read more | digg story [...]
August 22nd, 2007 at 12:31 am
Mozilla is the best browser!!! Lets time to leave IE