It’s time to respond

After Firefox 1.0.3 release we were flooded by criticism from the press. In Poland almost every major newspaper noticed that “Firefox security is a myth”. I’m not sure how big percent of this was motivated by our major rival – all Microsoft related vortals wrote such article, and how much was made because in Poland people love to kick everyone – just to feel better.

No matter of the reason, after a small discussion inside our team we wrote a press announce which was sent to all major newspapers and news sites. And it works! I received a few emails with a questions about Firefox’s security, others just copy-pasted it, and I think that a lot of them for the first time imagined that in such case it could be reasonable to ask Mozilla related source for some statement.

I’m pasting a translation of AviaryPL’s press post in case any other team would like to write something basing on this.

25 April, 2005, (Warsaw). AviaryPL, official Mozilla Firefox localization team for Poland is willing to assume an attitude
to last comments about Mozilla Firefox’s security releases (1.0.x).

Firefox 1.0.3, released on 23rd of March is a continuation of 1.0 line with additional security patches.
After this release we received words of criticism impairing security of Mozilla Foundation’s products.
We would like to refer to those comments and strongly ensure that those releases are absolutely ordinary part of our security policy and if there should be any influence on Mozilla Foundation products evaluation, in our opinion it should be a positive one.

There is no application without any bugs, and the difference is in the way those bugs are managed.
Mozilla Foundation from it’s early days of creating Firefox browser was very focused on security issue and today one can see the results.
Not only it is possible to react on any information about a bug, but also, in case of security related bugs, it is possible to deploy a patch in extremely short time frame.

We’re startled that someone can suggest that releasing two security releases with such short interval is a bad sign. Those voices say, that a better solution would be to delay a release or not releasing it at all.

Search for bugs in Mozilla products code takes place without a break, non stop, by people from all over the world and it is possible that another security bug will be found a few days after release of previous Firefox’s update.
If this takes place, as it took in Firefox 1.0.2 case, Mozilla Foundation is focusing on fixing such bug as soon as possible and release updated version, no matter when previous one was released.

We would like to point out that there was no break in through our application noted and our policy of cooperation and praising people who finds bugs cause that there were no viruses nor trojan horse that would use Mozilla’s products as a gate.

Mozilla Foundation is doing everything possible to assure security of their users. If any bug was found, we thank (also by money) the person who found it. The patch is deployed out of hand, and after some quality assurance tests it is released for our users.
We see every bug as a threat, that should be removed, not as a marketing problem, that should be hidden.

AviaryPL is a group which localize, promote and deploy Mozilla Foundation products in Poland.

Forgive me my English – I know that it’s good enough to be readable, but not to be used in such posts. I can assure you that original polish text was well written and was reviewed by our QA folks. 🙂

I used Gerv’s sentence as a base for last paragraph – shameless. I hope he’s ok with that.
I also think that L10N teams should do their work in handling connection with local press so the press must HAVE the email address where they can ask for comment in any case. I also believe that Mozilla Foundation/ Mozilla Europe should regulate more the area of responsibility of L10N team about press, promotion and business issues. I think we have it ready in AviaryPL, and I talked to Tristan about it, and we should have it clear, but it’s still not regulated by any official policy. And the one that exists (about brand marks) has nothing to do with reality and costs us a lot 🙁