Saturday, August 20, 2011

The Security Consequences Of Mozilla's Rapid Release Schedule

'Mascot' image from the Mozilla ADD-ONS Blog

Continuing on a topic from my last post I want to focus on the security threat created by the 'rapid release' schedule the Firefox browser is now on.

I won't dispute the positive aspects of this move for Mozilla, however from a security standpoint it creates multiple hazards. A 'Ready or not, here we come' dictum may be OK in some cases, but it's a recipe for trouble when it comes to security.

Like it or not Mozilla bears the responsibility for not just it's browser alone, but also for taking into consideration the extended 'technosystem' of add-ons that have a somewhat symbiotic relationship with Firefox. They also have a responsibility to contribute to overall Internet security.

When so many of their users have security software that either integrates with or is a standalone 'add-on' to Firefox (and these users are to be commended for contributing to the overall security of the Internet),  rushing ahead and leaving them vulnerable is irresponsible and thoughtless.

Rushing to get something done often results in mistakes. You can rush things and get your product out first, but it rarely results in a quality product (and in this case you can add "secure" to that).

I realize that Mozilla can't simply wait until every 3rd-party piece of software is updated on their own schedule. There has to be some form of cooperative effort to find a middle ground however.

The consequences of the current situation are giving even more ground to the security threats confronting Firefox users. You wouldn't leave your children home alone (before the sitter gets there) while you go to work, and a wilderness guide wouldn't forge ahead and leave people behind to fend for themselves.... would you?

As people mature they learn to consider the consequences of their actions and hopefully become less self-centered. I realize that many businesses don't act this way, but good ones do (in varying degrees) and those get my respect (and patronage).

This world needs more cooperation not less.

Edit/add [8/20/2011 1:05 PM]:

I left out (in my haste!) the people on the security software side of the equation who need to do their part by starting their update process as soon as they can. They too have a responsibility to work in cooperation with Mozilla so both end up with a reliable product and safer users.

No comments:

Post a Comment

Comments are welcome but need to be on-topic and civil.