'Peach' from BlackBerry, Mozilla fights bugs | Security & Privacy - CNET News
Nobody likes bugs in their peaches, but in computer security terms, the goal of the new "Peach" tool from BlackBerry and Mozilla is to fight back against the critters.
Peach is an open-source "fuzzing" tool, which automates tests designed to expose hidden security holes so they can be fixed before people are put at risk.
The tool represents a major effort by technology companies to get better security tools into the hands of developers.
"At a high level, what we're trying to do is test bad input into our browser that could cause something to go wrong," said Michael Coates, Mozilla's director of security assurance. "We want to keep users safer before things go wrong."
In a blog post announcing the tool, Mozilla says it has used Peach to successfully detect problems in the rapidly developing HTML5 technologies, including WebGL, WebRTC, image formats, audio and video formats, and fonts, in Firefox and Firefox OS.
For its part, BlackBerry relies on a mix of its own proprietary fuzzing tools and third-party ones to test how secure its products are. "[Peach] spans across multiple technologies," said Adrian Stone, who leads Research in Motion's security response team. "We employ fuzzing technology on a pretty wide scale at BlackBerry... not just for our mobile phones, but also the BlackBerry Enterprise Server."
The collaboration could indicate part of a change in computer security culture, as large companies invest more effort in sharing security research. But it also speaks to the legitimate concerns of security experts that the Web-as-platform presents potentially serious security risks.
Meanwhile, Mozilla has released a second open-source security tool for developers and security experts, called Minion. Its goal is to narrow down the volumes of data that security logs generate to a smaller, more accurate list. Think of it as showing you one of the five cable channels you always watch, instead of turning on the TV to one of 500 channels at random.
"Security tools now require a security professional to use them, and that's not a tenable future for the Web," said Coates. Minion, he said, is "trying to give users the right information."
He emphasized that Mozilla's goal is to put "usable security into the users' hands." Laudable, to be sure, and necessary. So far, though, security has proven an elusive aim on the Web.
Download Links: Peach and HotFuzz