Firefox Upgrades Too Fast For Enterprises

Mozilla mulls how to make its Firefox update strategy more business-friendly, but one exec tells enterprises to accelerate software deployments.
 Firefox 4 Is Faster, Cleaner, More Secure
Slideshow: Firefox 4 Is Faster, Cleaner, More Secure
(click image for larger view and for slideshow)
Speed kills, as far as enterprise IT departments are concerned. The need to move slowly, to make sure nothing breaks when new software gets deployed, is common in large IT organizations. Administrators can't simply roll out new software because it could hinder or break necessary applications.

Google recognized this in March, when its introduced a Scheduled Release track for Google Apps features. The company had been rolling out new features in its cloud-based productivity apps as soon as they were ready, if not sooner. But Google found that introducing changes every few days posed problems for larger corporate clients.

Mozilla learned this lesson too, as it shifted to a rapid release cycle for Firefox to match Google's Chrome release cycle. Mozilla released Firefox 4 in March and just over a week ago launched Firefox 5. It's now aiming to roll out new versions of Firefox every six weeks, and to end support for older versions as new versions are released.

Mozilla is ending support for Firefox 4 before some companies have even had a chance to deploy it. In a post on the blog of Web developer Michael Kaply last week, John Walicki, manager of workplace and mobility in IBM's office of the CIO, explained his problem with the rapid obsolesce of Firefox.

IBM has about 500,000 corporate users of Firefox 3.6 and is currently testing Firefox 4 with its various applications. Walicki said IBM is planning to deploy Firefox 4.01 in Q3, if all goes well. But he complained that the new end-of-life (EOL) policy that Mozilla has adopted with its rapid release cycle has put him in a difficult situation.

"The Firefox 4 EOL is a kick in the stomach," he wrote. "I'm now in the terrible position of choosing to deploy a Firefox 4 release with potentially unpatched vulnerabilities, reset the test cycle for thousands of internal apps to validate Firefox 5, or stay on a patched Firefox 3.6.x. By the time I validate Firefox 5, what guarantee would I have that Firefox 5 won't go EOL when Firefox 6 is released?"

Asa Dotzler, community coordinator for Firefox marketing projects, delivered what corporate IT managers might feel is a further kick, when he posted a comment stating, "Enterprise has never been (and I'll argue, shouldn't be) a focus of ours."

The dust-up attracted the attention of Microsoft. The company's public relations representatives took the opportunity to alert the media that Mozilla's policy "can mean madness for the enterprise audience."

And Ari Bixhorn, Microsoft director of Internet Explorer, cited Dotzler's statement to frame Microsoft's avowed love for enterprise customers. It was a chance, after watching Firefox win market share from Internet Explorer for seven years, to win aggravated enterprise customers back.

Mozilla went into damage-control mode. VP of products Jay Sullivan published a blog post recognizing the challenge that enterprises face when they need to certify their websites, apps, and add-ons with every update.

"We are exploring solutions that balance these needs, with active discussion in our community," he wrote.

VP of technical strategy Mike Shaver on Tuesday offered a more nuanced, more involved assessment of the situation. While conceding that Mozilla would have benefited from better communication about its release strategy and acknowledging that Mozilla needs to develop a framework to incorporate enterprise contributions and concerns into its development process, he also challenged enterprises to move more rapidly.

"Enterprises may also need to change how they think about software rollout, if they want to keep pace with browser development and the evolution of the Web platform," he wrote in a blog post. "This is similar to managing the update cycle of a hosted application like Google Apps or Office 365, which could help the conversation. Some organizations will not be able to adapt, or not willing. If an organization stays on Debian stable for half a decade, they are just going to be left behind by basically all modern software."

So much for slow and steady wins the race.

You can't afford to keep operating without redundancy for critical systems--but business units must prioritize before IT begins implementation. Also in the new, all-digital InformationWeek SMB supplement: Avoid the direct-attached storage trap. Download it now. (Free registration required.)