Zotero and Firefox security
At our institution the IT department doesn't officially support Firefox, and our recent push to get Zotero installed was met with some concern, especially in light of the recent security problems with FF add-ons: http://blog.mozilla.com/addons/2010/07/13/add-on-security-announcement/
They asked me to find out more about Zotero in specific (and FF's security policies in general).
Can anyone point me to any information on how the code was reviewed or any policies that I can forward to IT? Because of this issue there is a chance that they will opt for a commercial package, and I'm trying to give them some information to prevent a possible knee-jerk reaction.
They asked me to find out more about Zotero in specific (and FF's security policies in general).
Can anyone point me to any information on how the code was reviewed or any policies that I can forward to IT? Because of this issue there is a chance that they will opt for a commercial package, and I'm trying to give them some information to prevent a possible knee-jerk reaction.
Obviously, Zotero's code is entirely open source, so anyone can review the whole thing - that's the whole security appeal of open source software. You may want to combine that with a reminder that closed-source, commercial software has been more prone to these types of exploits and slower in responding to them -
http://news.cnet.com/8301-27080_3-10436083-245.html
for the most recent major case.
For Firefox, here is their security site:
http://www.mozilla.org/security/
Maybe Sean or Dan have more on Zotero's steps to ensure security.