[ news_security_news ]
Firefox Wins Over Internet Explorer In Vulnerability Numbers
John Stith
Staff Writer
2006-03-08
 Insider Reports RSS Feed
Mozilla Firefox, the current up and coming young browser on the block is creating no end of problems for Internet Explorer (IE) regarding vulnerability numbers. While this debate will continue to rage on, Symantec put together some pretty impressive numbers and they give Firefox the edge.
Most people who follow the tech industry know there's a huge swathe of people out there who detest Microsoft and everything about them. This is going to give them sweet dreams indeed. Symantec, last year, said IE was lower in vulnerabilities than Firefox. The number was based on the number of company-recognized vulnerabilities. This means that either Mozilla or Microsoft had to acknowledge the vulnerability. Published but not recognized flaws didn't count.
Critics of this measurement argue that many vulnerabilities aren't recognized, sometimes for long periods of time because Microsoft doesn't always list them right away and as Oliver Friedrichs, a senior manager at Symantec's security response group, admitted in InformationWeek, "How we did it before wasn't a fair comparison. It wasn't an apples to apples comparison."
The numbers reported in the second half of 2005, Microsoft confirmed 12 vulnerabilities versus 13 from Mozilla. The reports also said that when measuring totals for the last 18 months, Firefox flaws topped 60, more than double the Microsoft confirmed numbers.
Friedrichs pointed out that, "in open source, more vulnerabilities will be acknowledged because of the transparency in development." The changes they've made in the accounting help adjust the totals.
When the counts were adjusted for vulnerabilities made public, but not necessarily confirmed, Firefox had 17 versus the 24 in IE, a dramatic difference.
Once again, Friedrichs in InformationWeek:
"The vendor- and non-vendor-confirmed numbers are the ones I'd recommend using," said Friedrichs. "For one thing, it removes the delay that can effect numbers because of long patch times by commercial vendors."
He went on to say that while Symantec doesn't make judgment calls of which is more secure, they do stand behind the numbers and "We just stick to the facts."
This does throw up some interesting numbers and while IE fans were certainl excited about the original numbers, often the reality is Microsoft and all the things that go in Windows are so vast and so big, it's difficult to get the flaws out. But, it also means the Redmond wizards need to work that much higher and raise their quality standard to secure their products. One can only hope the new Windows and IE 7 get there.
Tag: FireFox, Tag: Internet Explorer
Get all the updates - click this link: 
Add to | DiggThis| Yahoo My Web
About the Author:
John is a staff writer for SecurityProNews covering cyber security.
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
