Submission: Browsers Improve Security, Web Apps - Not So Much (securityweek.com)
wiredmikey writes: Aggressive initiatives by the makers of popular Web browsers including Google, Microsoft, and Mozilla to improve the security of their Web browsers appear to be paying off.
According to a report today, the big Web browser companies seem to be paying very close attention to security, with many proactively seeking vulnerabilities by offering rewards or “bounties,” and seem to be efficient at fixing vulnerabilities in a timely manner.
Google's Chrome browser had the most vulnerabilities detected — 89 – likely due to the aggressive campaign to offer cash rewards for any discovered. In the end, Google fixed 88 of these vulnerabilities quickly and efficiently. Similarly, Mozilla Firefox had 65 vulnerabilities detected and fixed 61 in a timely manner. Apple's Safari fixed 39 of 41. Microsoft fixed 26 of 32 for Internet Explorer, and Opera fixed 27 of 29 vulnerabilities discovered.
But despite the progress being made with security on the Web browser front, 2,155 Web application vulnerabilities were discovered — a third of which have both no known solution and exploit code publicly available.