Sat 5 Jul 2008
Mozilla Launches Security Metrics Project
Posted by admin under Uncategorized
Earthweb passes along a ZDNet article which notes, “In partnership with indie security consultant Rich Mogull, Mozilla has launched a valuable Security Metrics Project that could help to — we can only hope — put an end to the silly notion that patch-counting helps to determine a product’s security posture. The idea is to develop a metrics model that goes beyond simple bug counts to accurately reflect the effectiveness of secure development efforts and the relative risk to users over time. Mogull has released a spreadsheet (.xls) with a preliminary version of the model and Mozilla’s Window Snyder is actively seeking feedback to make the project open and meaningful.”