Wednesday, 31 July 2013

Mozilla teams up with BlackBerry to fight browser bugs

Blackberry logo
Mozilla has teamed up with BlackBerry to develop Peach, an application that will allow researchers to better spot security vulnerabilities in web browsers.
The open-source browser firm and the mobile specialist said that the tool would provide an open framework that security researchers could use to perform “fuzzing” techniques. Such practices are often used to seek out the memory errors which attackers could target to trigger attacks such as denial of service and remote code execution.
“BlackBerry has long relied on large-scale automated testing to identify security issues across its platform. The collaboration with Mozilla plugs directly into BlackBerry’s existing security processes and infrastructure,” wrote Michael Coates, Mozilla's director of security assurance.
“BlackBerry regularly uses third-party fuzzers, in addition to its own proprietary fuzzing tools, static analysis and vulnerability research, in order to identify and address potential security concerns across its portfolio of products and services.”
Coates said that Mozilla would also be releasing an additional security testing tool known as Minion. The tool will look to streamline and reduce the time needed to test applications by automating and reducing the reporting process and limiting the amount of data that is returned to researchers. The company hopes that the tool will make the security research process more efficient.
“The Minion testing platform takes a different approach to automated web security testing by focusing on correct and actionable results that don’t require a security professional to validate,” explained Coates.
“Many security tools generate excessive amounts of data, including incorrectly identified issues that require many hours of specialised research by a security professional.”

No comments:

Post a Comment