Software from mozilla.org has a good reputation for security, and we’d like to keep it that way. Dan Veditz, a long-time Mozilla contributor and ex-Netscape employee, was hired a year ago by the Mozilla Foundation to work full time on security issues, and the Foundation will soon be looking to recruit additional resource in this area.
But the project is bigger than just the Foundation, and our security story needs additional help. One place where we could do with reinforcements is in PSM (Personal Security Manager) – the security UI for the Mozilla Suite, and to some extent Firefox and Thunderbird too. This builds on top of our excellent NSS security libraries and other code to expose security control to the user.
PSM needs help in two ways – help at a code level with maintenance of an important part of our software and, in the more general sense, help in tackling the larger UI problem that security presents.
Exposing control of our security infrastructure in a way that gives sufficient flexibility, but is easy for users to understand is a big challenge. In the past, we’ve probably not done as well as we might on the “easy to understand” part. We hope that some people will step up to the plate to take part in collaborative, iterative, open UI development to improve our products in this area.