Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Former MS Security Strategist Joins Mozilla 248

Posted by ScuttleMonkey
from the jumping-the-fence dept.
Handset writes "Former Microsoft security strategist Window Snyder is joining Mozilla to lead the company's effort to protect its range of desktop applications from malicious hacker attacks. eweek.com reports that Snyder, who was responsible for security sign-off for Microsoft's Windows XP Service Pack 2 and Windows Server 2003, will spearhead Mozilla's security strategy and improve its communications with external hackers and bug finders."
This discussion has been archived. No new comments can be posted.

Former MS Security Strategist Joins Mozilla

Comments Filter:
  • by Anonymous Coward on Wednesday September 06, 2006 @06:33PM (#16056206)
    Since Asa Dotzler of Mozilla keeps deleting me from his blog, this is just to publicize. I asked a very simple question in an Ask Asa a while back: Who was responsible for the testing/QA failure that led to a security regression in Firefox 1.0.4, how will they be censured, and what is being done to prevent a similar recurrence. He didn't answer and has deleted every comment I post, in which I've said the same thing. I think it's a fair question. Not answering is pretty crappy, but censoring just because he spends too much time being 'visible' and not enough time actually doing QA is truly pathetic. Asa isn't the funloving guy his blog projects, he can be a complete idiot too. Spread the word. I know this doesn't fit into the rose-tinted view of prominent open source projects with 'many eyeballs' having better security, but it's true. The sad fact is that the entity investing most in automatic code checking tools, mandatory design and test cycles, mandatory threat modeling, regular code audits, etc. is Microsoft. Mozilla security practices are rubbish and the sooner someone publicizes the failure the better it will be. Hopefully Snyder is the person for the job.
  • by EvilGrin666 (457869) on Wednesday September 06, 2006 @07:20PM (#16056421) Homepage
    You seem to be on the inside so I'm curious on why she'd want to leave just at the point where things were working out? Any insights on that?
  • Re:I call bullshit! (Score:0, Interesting)

    by Anonymous Coward on Wednesday September 06, 2006 @07:30PM (#16056463)
    lolwhat

    He admits it himself, he just doesn't accept responsibility (as supposed head of QA) or say what he did/will do to change things like that happening again. Nor has he said (what happened to "open" source and meritocracy) who was responsible for not implementing the unit test that would have caught it - or what managerial changes have been made to ensure that unit tests get properly written. He is simply terrible at QA and much better at self promotion and marketing gimmicks.

    http://weblogs.mozillazine.org/asa/archives/008125 .html [mozillazine.org]
  • Obligatory Overload (Score:2, Interesting)

    by MrCopilot (871878) on Wednesday September 06, 2006 @07:53PM (#16056575) Homepage Journal
    First of all, Window's working at Microsoft. This is too much.

    Second Mozilla nabs her. Ironic No.
    Microsft's Window jumps ship to Firefox.......(of all the headlines we mangle here this one's begging for it.)

    The comedic possibilities are overwhelming. But here is the strangest one. Mozilla supplies her with 3 workstations. For compatability reasons she's gonnan need a Mac, a Linux, and a Windows box.

    ....

    wait for it.

    But now they are all window's machines. Gasp, This woman is dangerous and must be stopped.

    In all seriousness, If she had anything to do with the sp2 patches, she is my new personal hero.

    Welcome to the light. Don't be afraid. No, no, we promise, it's definately not open sores, I don't care what those dicks in the cafeteria said.
    O.K maybe not in all seriousness.

  • by Locke2005 (849178) on Wednesday September 06, 2006 @08:10PM (#16056647)
    She (not he!) is such a babe [securite.org], I could ALMOST forgive her for being named after Microsoft's flagship product!
  • Re:I call bullshit! (Score:0, Interesting)

    by Anonymous Coward on Wednesday September 06, 2006 @08:34PM (#16056719)
    DUMB QUESTION:

    Wait, where does he admit to anything in that post aside from having a new set of builds that solves the security issue?


    ANSWER:

    These builds contain ... the fix for a DHTML regression we shipped in 1.0.3


    He admitted to a security regression (if you look at news sites around that time it was a huge story anyway, but I can't be responsible for your laziness).

    Do you think that security regressions are acceptable for software as widely used as Firefox?

    Do you think that there should be measures in place to prevent security regressions occurring?

    Do you think that after endandering the security of millions of users through mismanagement (remember this was a KNOWN hole) people are entitled to know what is in place to prevent it happening again?

    Do you think that open source is a good idea? Why should coders names be public and testers names not?

    Do you think the head of QA should answer such questions or delete them from his blog?

    This is the sort of mistake which Microsoft were making all the time about 4 or 5 years ago, and keep making today (though not as much) - see the recent patch regression (though in fairness that was limited to XPSP1). Slashdotters rightly mocked and disrespected M$ for it. Why should it be different with Mozilla?

    Please obtain a clue. KTHXBYE.

You might have mail.

Working...