Mozilla Security Blog
Categories: Announcements Conferences Security

Mike Shaver, ten days, and expletives

Window Snyder

14 responses

Mike Shaver (Director of Ecosystem Development at Mozilla) handed his business card to Robert Hansen (RSnake) on Wednesday night at Black Hat. On it he wrote “ten f—ing days.” When I asked him about it, he said he meant to communicate to Robert that since Mozilla got a recent security update out in only ten days, that there was no reason for Robert to post details of vulnerabilities publicly before a patch was available. Since we’re among the most responsive software vendors, security researchers do not have to resort to full disclosure to get us to patch bugs quickly.

Well, whatever he meant, his statement has taken on a life of its own. Robert posted on his blog, and a bunch of news articles picked it up as a challenge.

This is the official Mozilla word: This is not our policy. We do not think security is a game, nor do we issue challenges or ultimatums. We are proud of our track record of quickly releasing critical security patches, often in days. We work hard to ship fixes as fast as possible because it keeps people safe. We hope these comments do not overshadow the tremendous efforts of the Mozilla community to keep the Internet secure.

14 comments on “Mike Shaver, ten days, and expletives”

  1. Ping from » Patches in ten f***ing days? Not really, says Mozilla | Ryan Naraine’s Zero Day | ZDNet.com on

    […] security chief Window Snyder also offered an immediate explanation: When I asked him [Shaver] about it, he said he meant to communicate to Robert that since Mozilla […]

  2. Ping from about ten days at black hat · Get Latest Mozilla Firefox Browsers on

    […] Window has posted on this topic as well, over at the Mozilla security blog.] addthis_url = ‘http%3A%2F%2Fgetfirefoxbrowsers.com%2F2007%2F08%2Fabout-ten-days-at-black-hat’; […]

  3. Ping from Mozilla says no guarantees of 10-day patch turnarounds — Security Bytes on

    […] supposed claim that it could fix any responsibly disclosed flaw in 10 days. Mozilla security chief Window Snyder says that is not the group’s stance, and never has been. “This is not our policy. We do not think security is a game, nor do we […]

  4. Ping from hackademix.net » Ten, they can! (if they want) on

    […] official, Window Snyder didn’t like the 10FD story. Mozilla’s new policies and restrictions over Mike Shaver’s business cards have not […]

  5. Ping from Mozilla: 10-day patch guarantee ‘not our policy’ on

    […] is not our policy,” she wrote in a blog posting. “We do not think security is a game, nor do we issue challenges or […]

  6. Ping from Techzi » Blog Archive » Mozilla: 10-day patch guarantee ‘not our policy’ on

    […] is not our policy,” she wrote in a blog posting. “We do not think security is a game, nor do we issue challenges or […]

  7. Ping from Firefox Clarifies ‘Ten Day Policy’ at Catherine’s Flying Hamster Blog on

    […] link: Window Snyder’s Blog […]

  8. Ping from Mozilla: 10-Day Patch Guarantee ‘Not our Policy’ « TechTitans™ on

    […] is not our policy,” she wrote in a blog posting. “We do not think security is a game, nor do we issue challenges or […]

  9. Greg K Nicholson wrote on

    It’s a testament to Mozilla’s track record that so many people think it’s plausible that Mozilla could fix any security bug in ten days.

  10. Ping from about ten days at black hat · Get Latest Mozilla Firefox Browsers on

    […] Window has posted on this topic as well, over at the Mozilla security blog.] addthis_url = ‘http%3A%2F%2Fgetfirefoxbrowsers.com%2F2007%2F08%2Fabout-ten-days-at-black-hat-2’; […]

  11. Ping from Inside Firefox » Blog Archive » 10 days to a security fix on

    […] is how shaver probably got to 10 days and I may be wrong on a lot of this, I’ve been out of the release loop.  I’m posting […]

  12. Ping from Mozilla nie będzie łatać dziur w 10 dni « Blog nyax’a, czyli mój ;) on

    […] następstwie tego wydarzenia Window Snyder oświadczyła na blogu, że wydawanie poprawek w ciągu 10 dni nie jest polityką Mozilli. Podkreśliła, że […]

  13. Ping from TerminalDigit - Mozilla Officially Retracts “Ten Fucking Days” on

    […] read more | digg story […]

  14. shaon wrote on

    Mozilla is the best browser!!! Lets time to leave IE