Firefox 3 Beta Boosts Security

,----[ Quote ]
| Review: Firefox 3 should be welcome both for its many small usability
| improvements and for its under-the-covers Web rendering engine and security
| enhancements.
`----

http://www.eweek.com/article2/0,1759...129TX1K0000616

AJAX benefits, issues cited by Zimbra exec

,----[ Quote ]
| Dietzen noted Zimbra's platform enables use of mashups; these feature quickly
| assembled task-based applications deriving data from other, larger systems.
| Mashups get Dietzen's vote as the killer app for Web 2.0.
`----

http://news.yahoo.com/s/infoworld/20...nfoworld/93799


Yesterday:

Critical Vulnerability in Microsoft Metrics

,----[ Quote ]
| This is a small subset of all the vulnerabilities, because the
| vulnerabilities that are found through the QA process and the vulnerabilities
| that are found by the security folks they engage as contractors to perform
| penetration testing are fixed in service packs and major updates. For
| Microsoft this makes sense because these fixes get the benefit of a full test
| pass which is much more robust for a service pack or major release than it is
| for a security update. Â* Â* Â*
`----

http://blog.mozilla.com/security/200...osoft-metrics/


Skeletons in Microsoft’s Patch Day closet

,----[ Quote ]
| This is the first time I’ve seen Microsoft prominently admit to silently
| fixing vulnerabilities in its bulletins — a controversial practice that
| effectively reduces the number of publicly documented bug fixes (for those
| keeping count) and affects patch management/deployment decisions. Â*
`----

http://blogs.zdnet.com/security/?p=316


Beware of undisclosed Microsoft patches

,----[ Quote ]
| Forget for a moment whether Microsoft is throwing off patch counts
| that Microsoft brass use to compare its security record with those
| of its competitors. What do you think of Redmond’s silent patching
| practice?
`----

http://blogs.zdnet.com/microsoft/?p=527


Microsoft is Counting Bugs Again

,----[ Quote ]
| Sorry, but Microsoft's self-evaluating security counting isn't really a
| good accounting.
|
| [...]
|
| The point: Don't count on security flaw counting. The real flaw is
| the counting.
`----

http://www.microsoft-watch.com/conte...129TX1K0000535