Zotero and Firefox security

At our institution the IT department doesn't officially support Firefox, and our recent push to get Zotero installed was met with some concern, especially in light of the recent security problems with FF add-ons: http://blog.mozilla.com/addons/2010/07/13/add-on-security-announcement/

They asked me to find out more about Zotero specifically (and FF's security policies in general).

Can anyone point me to any information on how the code was reviewed or any policies that I can forward to IT? Because of this issue there is a chance that they will opt for a commercial package, and I'm trying to give them some information to prevent a possible knee-jerk reaction.
  • For a start, Zotero isn't hosted by some anonymous hackers, but by a major public university in the US, so you can be pretty sure that there is no malicious code in it.

    Obviously, Zotero's code is entirely open source, so anyone can review the whole thing - that's the whole security appeal of open source software. You may want to combine that with a reminder that closed-source, commercial software has been more prone to these types of exploits and slower in responding to them -
    http://news.cnet.com/8301-27080_3-10436083-245.html
    for the most recent major case.

    For Firefox, here is their security site:
    http://www.mozilla.org/security/

    Maybe Sean or Dan have more on Zotero's steps to ensure security.