Microsoft today published a report that evaluates the security performance of Internet Explorer and Mozilla Firefox through a detailed comparative look at vulnerabilities. The “Web Browser Vulnerability Analysis” report finds that over a period of three years, Internet Explorer proved to have fewer vulnerabilities than Mozilla Firefox. The research for the report, conducted by Jeff Jones, Security Strategy Director in Microsoft’s Trustworthy Computing group, examines in detail the volume and severity of vulnerabilities in the two browsers and includes these key findings:
• Microsoft has fixed 87 total vulnerabilities (across all supported versions of Internet Explorer) while Mozilla has fixed 199 vulnerabilities in supported Firefox products
• Internet Explorer experienced a lower volume of reported vulnerabilities across all categories of severity (high, medium, low)
For most people, their web browser is central to their interaction with the Internet, connecting them to global web sites and helping them consume online services providing everything from booking flights to banking services to online shopping. This reality makes browsers a key tool when evaluating the security experience of users, as the browser interprets Web content and programs delivered from around the world.
Over the past few years, there has been much discussion of the need for improvements in browser security, but few hard-data studies have been performed to support assertions concerning the security of available browsers.
I've just finished up and posted for download a vulnerability analysis of Internet Explorer and Firefox, including fixed and unfixed vulnerabilities, that covers roughly the past three years since Firefox was first released.
As usual for these, I want to post one chart as a teaser to get you to go look at the full report. In this case, I'm choosing one that looks at alternative upgrade paths. Let's say you deployed Firefox 1.0 and then Firefox 1.5 came out - did you upgrade immediately or did you wait until support for Firefox 1.0 was ending? (... or maybe you're still using 1.0... tsk tsk) Same question for 2.0.