Submission: Firefox flaws account for 44% of all browser bugs
JagsLive writes: Firefox flaws accounted for 44% of all browser bugs, Apple's Safari took second with 35%, and IE came third with 15%, in the first six months of 2009, as per California-based Cenzic.
The Cenzic report can be downloaded from the company's site (in PDF: http://www.cenzic.com/downloads/Cenzic_AppSecTrends_Q1-Q2-2009.pdf).
"It's not rocket science," said Lars Ewe, Cenzic's chief technology officer, referring to the browser bug counting. "We used several databases, including the CVE (common vulnerabilities and exposures) database to count the number of known vulnerabilities."
Cenzic did not separately count the number of "zero-day" bugs — those unpatched at the time exploit code went into circulation — said Ewe, who defended his company's tally at the same time he downplayed their significance.
"At the end of the day, the number of vulnerabilities is only one measurement of a browser's security," said Ewe. "We're not trying to point a finger at any one browser. I would certainly not abandon Firefox because of this."
Mozilla has been slammed for the number of flaws it fixes in Firefox before. Last spring, for instance, Jeff Jones, a director in Microsoft's security technology unit, and Mike Shaver, the vice president of engineering at Mozilla, traded barbs about browser security after Danish security vendor Secunia published a report that said Firefox had nearly four times as many flaws as IE during 2008.
Computerworld: http://www.computerworld.com/s/article/9140582/Firefox_flaws_account_for_44_of_all_browser_bugs