
And the browser wars continue . . .

(2 posts)
  • Started 8 months ago by BobJam
  • Latest reply from sahlgoode
  • Topic Viewed 228 times

BobJam
Posts: 878

From a recent Secunia "2008 Report":

"31 vulnerabilities were reported for Internet Explorer (IE 5.x, 6.x, and 7), including those publicly disclosed prior to vendor patch as well as those included in Microsoft Security Bulletins.

Safari and Opera each had 32 and 30 vulnerabilities, whereas 115 vulnerabilities were registered for Firefox in 2008."

These statistics would seem to indict FF, and convey the idea that FF has become less secure than IE. But hold on a minute. Before IE supporters celebrate and claim that FF had almost four times as many security issues as IE, let's look a little closer at those numbers.

Mozilla discloses and releases bulletins for all security issues fixed in Firefox, regardless of how they were discovered. Microsoft, on the other hand, in most cases only discloses issues reported by external independent parties, but not by their own internal developers, QA, or security contractors.

So presenting those numbers is very misleading. It's like comparing traffic accident rates for two cities of equal size, but one only reports accidents that make the news while the other reports all traffic accidents.

Microsoft tries to make the point that the number of internally found issues is small and not meaningful. That would unfortunately imply their internal testing and security processes are incapable of finding security issues, and rely entirely on the generosity of random strangers (security researchers). I would find that pretty scary. On the contrary, Microsoft has very capable security teams and QA processes, which are so good at finding security issues that they usually find far more internally than they ever disclose to the public.

Finally, buried in the Secunia report itself is this little gem, and I quote: "Microsoft IE had several serious threats going unpatched for up to as much as 110 days after disclosure", while according to the report FF went only 15 days for even much less critical patches.

This sort of reporting only encourages companies to hide as many security issues and fixes as possible, which moves the state of security backwards.

I'm not necessarily bashing IE or proclaiming the "nobility" of Mozilla developers, just questioning the reporting.

(While I am certainly biased because I favor FF . . . . to disclose fully myself, I took some of this argument from ideas expressed in a Mozilla blog, but I think the argument was well made. And I know most folks on here are FF fans, so I'm likely preaching to the choir.)

Thoughts?

Posted 8 months ago
sahlgoode
Posts: 19

Amen to that, Pastor BobJam! Great report.

Posted 8 months ago