The open-source browser maker was forced to issue a statement Monday, retracting a pledge attributed to the company"s director of ecosystem development, Mike Schaver, to fix any critical security bugs in the browser within "Ten Days." Security researcher Robert Hansen said that Schaver had made the pledge at a late-night pajama party, hosted at last week"s Black Hat conference in Las Vegas.
When Hansen said he doubted that this was possible, Shaver apparently backed up his pledge in writing: putting it on a business card with an arrow linking to his mobile phone number. "I told him I would post his card -- and he didn"t flinch. No, he wasn"t drunk. He"s serious," Hansen wrote in a Friday blog posting. [Warning: URL and image contain expletive.] On Friday, Mozilla security chief Window Snyder offered a refinement to Shaver"s late-night scrawl. "This is not our policy," she wrote in a blog posting. "We do not think security is a game, nor do we issue challenges or ultimatums."