|
General
|
|
Written by Daniel
|
|
Monday, 03 December 2007 11:24 |
|
Mozilla scoffs at vulnerability study rating IE superior to Firefox
By Jeremy Reimer | Published: December 03, 2007 - 10:20AM CT
ARS Technica Jeffrey Jones, a researcher and the Security Strategy Director at Microsoft’s Trustworthy Computing group, recently posted a report (PDF format) that was featured in the CSO online magazine. The report compared the security track records of both Internet Explorer and Firefox, including both older (IE 6 and Firefox 1.0) and newer (IE 7, Firefox 1.5 and 2.0) versions. Jones came to the conclusion that, contrary to popular belief, Internet Explorer has experienced fewer security vulnerabilities than Firefox over the same periods of time.
Now, I can already hear some of you anxiously mashing the "Reply" button in order to point out that Jones' position as an employee of Microsoft has biased his results and thus they cannot be taken at face value. And Mozilla chief evangelist Mike Shaver has some serious problems with Jones' methodology; more on that below.
Jones has anticipated negative reactions and has encouraged readers to challenge his assumptions, analysis, and conclusions by pointing out flaws in his methodology. Jones collected and cross-checked his data from a number of sources in order to ensure its accuracy. Disclosed vulnerabilities for Internet Explorer were compiled from Microsoft security bulletins and for Mozilla's own bulletins for Firefox. Both sources were checked with the National Vulnerability Database (NVD) and sites such as Securityfocus.com, the BugTraq mailing list, Secunia.com, and Securitytracker.com.... Much More Comments in the Forums |
