Mozilla to give away own security testing tools

Mozilla will release some of its homegrown security tools to the open-source community, the company's head of security has said, starting with a "fuzzer" it uses to pin down JavaScript bugs in Firefox.

Share

Mozilla will release some of its homegrown security tools to the open-source community, the company's head of security has said, starting with a "fuzzer" it uses to pin down JavaScript bugs in Firefox.

The JavaScript fuzzer, said Window Snyder, Mozilla's security chief, will be handed over on Thursday morning following a presentation at Black Hat, a two-day security conference in Las Vegas.

"We're announcing that we'll be sharing our tools with the community, and releasing the JavaScript fuzzer then," said Snyder.

Other tools will follow, including fuzzers that stress-test the HTTP and FTP protocols. Those two tools, however, are not ready to offer to outsiders, largely because Mozilla wants to wrap up talks with other browser vendors before they are shared.

Fuzzing, a technique used by both white- and black-hat researchers trolling for vulnerabilities, and by developers to finger flaws in their code before it goes public, drops data into applications or operating system components to see if – and where – breakdowns occur. Typically, the process is automated with a fuzzer, the term for software that hammers on application inputs. The JavaScript fuzzer, Snyder said, has identified "dozens" of vulnerabilities in Firefox code.

Snyder said Firefox developers have created many tools, and though a lot of them are small, special-purpose ones, all of them could be useful to others.

"We want to make the work we're already doing available to other people and to other products" in the hope that the tools might help developers outside Mozilla spot problems in their code, she said. Snyder sees a direct benefit to Mozilla, too. The more people who bang on the tool, tweak it and modify it, the better the tools should become, she said.

Find your next job with computerworld UK jobs