Unfazed by Microsoft Corp.s plan to roll out a security-centric Internet Explorer refresh later this year, the open-source Foundation says it will hire more staff to work full time on security issues and beef up its public relations efforts to beat the secure browsing drum.
In an interview with eWEEK.com, Mozilla director of engineering Chris Hoffman said the Foundation plans to add another staffer to join Dan Veditz, a long-time Mozilla contributor and ex-Netscape employee who now serves as lead engineer for security.
"Were looking to create another position to oversee the entire infrastructure for development and doing releases. Were adding full-time help to help maintain the level of security were striving for," Hoffman said.
Mozilla has also launched a recruitment drive to find user interface developers, particularly in the PSM (Personal Security Manager), which handles the performance of cryptographic operations for the Mozilla Suite (which includes the flagship Firefox browser).
Hoffman sidestepped a suggestion that the Foundations renewed push around security was directly related to Microsofts IE 7.0 refresh plans. "Our security story is bigger than Firefox. Look at it this way; we have 900 engineers who contributed code to Mozilla over the last year. They all have a deep passion for security and privacy," Hoffman said.
The incredible growth of Firefox over the last three months—25 million downloads in 99 days—has been largely fueled by security-related flaws in Internet Explorer, and although both sides refuse to be drawn into comparison discussions, its no secret that Mozilla and Microsoft are keeping a wary eye on each others moves.
At this years RSA Security Conference, Microsoft executives publicly declined to discuss Firefox.
"When you run a business and you worry only about what your competitors are doing, thats not a long-term business proposition," said Gytis Barzdukas, director of product management in Microsofts security business technology unit.
"Yes, Firefox has come out with technologies that customers are evaluating, [but] we cant worry too much about that," Barzdukas said in an interview with eWEEK.com.
Side-by-side comparisons of the two browsers show that both are prone to security flaws. According to statistics maintained by research firm Secunia, more than 40 percent of all IE flaw warnings between 2003 and 2005 carry a "highly critical" or "extremely critical" rating (see chart here).
Even more worrying, a whopping 32 percent of the 63 advisories over that period remain unpatched.
Mozilla, too, has dealt with its share of Firefox security hiccups. Late Thursday, the browser underwent a browser refresh to plug a series of "moderately critical" flaws. Secunia reports that 25 percent of known vulnerabilities in Firefox still remain without fixes (see graph here).