Mozilla Building Open Source Minion Security Testing Framework
From the 'Up Next, the Lackey Release' files
Security has long been a core competence and a serious focus for Mozilla, but now the open source Foundation is taking it a step further. Mozilla is building its own open source security testing framework, called Minion.
Minion could one day become a core part of all Mozilla development efforts, serving as the security toolkit that is run to ensure application security.
"Minion is a security testing framework built by Mozilla to bridge the gap between developers and security testers," the project's wiki page states. "To do so, it enables developers to scan their projects using a friendly interface."
The project is now in its earliest phases and a Beta release is set for Q1 of this year. The project has already released a pile of code on GitHub and looks to me to be reasonably active.
As is always the case whenever a new security framework is being built, the question arises whether it could also be used by attackers to find exploits.
"Of course it could be, but the important thing to consider is that Minion doesn't (on its own) present a novel threat; virtually all of the vulnerability analysis tools are external to the framework (at this point)," Minion contributor Yvan Boily wrote in a mailing list posting. "Minion does make the tools much easier to use, and out of the box in the release version there will be site authentication controls to allow admins of a minion deployment to prevent abuse, but anyone with basic software development abilities would be able to disable those if they deployed the server themselves."