Software from mozilla.org has a good reputation for security, and we’d like to keep it that way. Dan Veditz, a long-time Mozilla contributor and ex-Netscape employee, was hired a year ago by the Mozilla Foundation to work full time on security issues, and the Foundation will soon be looking to recruit additional resource in this area.
But the project is bigger than just the Foundation, and our security story needs additional help. One place where we could do with reinforcements is in PSM (Personal Security Manager) – the security UI for the Mozilla Suite, and to some extent Firefox and Thunderbird too. This builds on top of our excellent NSS security libraries and other code to expose security control to the user.
PSM needs help in two ways – help at a code level with maintenance of an important part of our software and, in the more general sense, help in tackling the larger UI problem that security presents.
Exposing control of our security infrastructure in a way that gives sufficient flexibility, but is easy for users to understand is a big challenge. In the past, we’ve probably not done as well as we might on the “easy to understand” part. We hope that some people will step up to the plate to take part in collaborative, iterative, open UI development to improve our products in this area.
Slightly offtopic, but this is the first I’ve heard about Dan Veditz being a Mozilla Foundation employee. Generally it’s very hard to get a list of all the Mozilla Foundation employees in one place. Can anything be done about that?
Alex: Take a look at http://en.wikipedia.org/wiki/Mozilla_Foundation (but it seems that list isn’t complete either)
Not offtopic at all – I raised exactly the same point in the staff meeting, and was met with incredulity. Even I don’t know exactly who they employ.
mcsmurf: I wrote most of that list. :-)
Gerv: Given that most of mozilla.org staff can probably see practically the entire Mozilla Foundation workforce just by taking a 360 degree spin in their swivel chairs, they might not appreciate how annoying it is for us on the outside.
To set the record straight I’ve only been a full-time Mozilla Foundation employee since January 2005. Between August and the end of the year I was a contractor for the foundation. For a few months before that I was subcontracted to work on Netscape 7.2, but not by the Foundation.