Mozilla and Blackberry use Peach to squish browser bugs

Mozilla and Blackberry use Peach to squish browser bugs

Summary: Mozilla and BlackBerry are sharing desktop, mobile and browser security experience.

SHARE:

Mozilla and BlackBerry throwing together their advanced threat detection tools to improve a popular open source 'fuzzing' tool, which the pair will use to find and squish new bugs in browsers.

The two companies will work on Peach v2, a version of the Peach open source fuzzing framework that helps with large scale automated testing. Fuzzing throws unexpected code repeatedly at software to cause a crash and uncover breakages that could be exploited by hackers. The idea behind it is to find and remove the bugs before they reach the public.

Mozilla's director of security assurance Michael Coates notes in the announcement that Mozilla already uses Peach to fuzz test HTML5 features such as image, video and audio formats. HTML5 of course is important not only for Mozilla's desktop and mobile browsers, but also Firefox OS, and this type of testing has already proved effective in helping secure both, according to Coates.

BlackBerry will bring its own experience to the effort, and, according to Coates, regularly uses third-party fuzzers and its own proprietary fuzzing tools, static analysis and vulnerability research to uncover security issues "across its portfolio of products and services".

"BlackBerry has long relied on large-scale automated testing to identify security issues across its platform. The collaboration with Mozilla plugs directly into BlackBerry's existing security processes and infrastructure," Coates said.

The research partnership though will focus purely advancing Peach fuzzing software for testing Web browsers and the partnership will benefit mobile and desktop customers, according to Adrian Stone, director of BlackBerry security response and threat analysis.

"Security is an industry-wide challenge that cannot be solved in a vacuum, and that is why BlackBerry and Mozilla security researchers are working together to develop new and innovative tools for detecting browser threats before they can affect both mobile and desktop customers," Stone said.

Mozilla's Coates also plugged the 0.3 release of Minion, a security testing platform under development by Mozilla's security automation team that helps scan and test websites and services like plugins.

According to Coates, Minion means that developers won't need to rely on a security professional to validate the results of tests.

"Many security tools generate excessive amounts of data, including incorrectly identified issues that require many hours of specialized research by a security professional. Minion favors accuracy and simplicity and is designed so every developer, regardless of security expertise, can use this platform to increase the security of their applications," Coates wrote.

Topics: Security, Browser, BlackBerry

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • well they better get busy, because

    although I'm a long time firefox user, I've had it with the bugs and features that have just quit working, webpages that i can no longer access. If I did detest Chrome, I'd switch now!
    winddrift03
  • PLEASE I BEG YOU

    Get Rid of Donald Trumps Ugly face from "You May Also Like"
    sightsandsounds