Defense in Depth

Read all 'Open Source' posts in Defense in Depth
December 10, 2008 1:08 PM PST

Window Snyder to leave Mozilla

by Robert Vamosi
  • 4 comments
(Credit: Robert Vamosi/CBS Interactive)

Window Snyder, Mozilla's chief security something-or-other (her official title), is leaving Mozilla, effective the end of the year.

"I am sad to be leaving," she wrote in her blog on Wednesday, "but I am excited to go work on something I have always been passionate about. I wish I could tell you about it now, but that will have to wait for a while."

In an interview earlier this year, Snyder stressed to me how she wants to bring open-source practices to the security community. And her background certainly supports that passion.

Snyder is the co-author of Threat Modeling, a book about application security. Her security work started at @Stake (now a part of Symantec) before continuing at Microsoft. Later she helped found Matasano Security before landing at Mozilla in September 2006.

Johnathan Nightingale, Lucas Adamski, Brandon Sterne, and Mike Shaver will continue to blog about security at Mozilla in Snyder's absence.

Topics:
Browsers and extensions
Tags:
security,
Window Snyder,
Mozilla,
Firefox,
Thunderbird,
open source. Threat Modeling
Share:
Digg
Del.icio.us
Reddit
January 8, 2008 7:10 AM PST

11 open-source projects certified as secure

by Robert Vamosi
  • 3 comments

Coverity, which creates automated source-code analysis tools, announced late Monday its first list of open-source projects that have been certified as free of security defects.

Eleven projects made the list: Amanda, NTP, OpenPAM, OpenVPN, Overdose, Perl, PHP, Postfix, Python, Samba, and TCL.

San Francisco-based Coverity, working in collaboration with Stanford University and under a contract from the Department of Homeland Security, is analyzing source code to certify that open-source projects written in C, C++, and Java are secure. Coverity has not disclosed the amount of the DHS contract.

The certification was created so that companies can "select these open-source applications with even greater confidence," Coverity said.

The company uses a ladder metaphor in its certification process.

Rung 2, which was announced late Monday and is the most secure level to date, includes the 11 projects. Rung 1 now includes 86 projects. Rung 0, the lowest level, currently lists 173 projects.

In all cases, open-source vendors must fix all vulnerabilities discovered by Coverity's tools in order to move up the rungs of the security ladder.

Topics:
Security
Tags:
security,
security certification,
DHS,
Coverity,
Open Source
Share:
Digg
Del.icio.us
Reddit
  • prev
  • 1
  • next
advertisement

15 sites that went kaput in 2009

Web sites launch all the time, but they also shut their doors. We highlight 15 that bit the dust this year.

Top 10 news stories of the decade

Let the debate begin: Was the iPhone more important than iTunes? Was anything bigger than Google finding a great business model? CNET offers its list of the 10 most important stories of the '00s.

About Defense in Depth

Covering computer viruses and computer crime, Robert Vamosi goes beyond the hype to provide you with expert interviews of the top security researchers, as well as offering the hands-on, nontechnical advice you'll need to stay safe online.

Add this feed to your online news reader

Defense in Depth topics

Most Discussed



advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
CES 2010
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET