Mozilla: We'll patch flaws in 10 [expletive] days

Imagine, if you will, the CEO of an open-source software vendor looking a cobra in the eye and daring the snake to bite him. Seems pretty brazen, doesn't it? Well, you might be surprised to hear Mozilla executive Mike Shaver recently did the equivalent: at the Black Hat security conference in Las Vegas last week, Shaver told notable hacker Robert Hansen--CEO of SecTheory.com and author of the ha.ckers.org blog--that Mozilla can "roll out any critical patches within 10 days," provided the vulnerabilities are responsibly disclosed. Hansen asked for the statement in writing and Shaver obliged, scrawling "Ten [expletive deleted] Days" on a business card. Hansen, of course, posted a photo of the card on his site, writing "I told him I would post his card - and he didn't flinch. No, he wasn't drunk. He's serious." Historically speaking, Mozilla has been pretty quick to roll out patches and I wouldn't doubt the company could roll out a patch within 10 days in most instances. However, qualifying Mozilla's ability to patch exploits quickly is a pretty brazen move and might even be read as a dare by some hackers--anyone care to take Shaver up on it?

For more on the boast:
- see this ComputerWorld story

Related Articles:
Mozilla gets more open with security
Mozilla to issue workaround for .ANI bug