Firefox Whips Internet Explorer In Vulnerability Tally - InformationWeek
04:16 PM

Firefox Whips Internet Explorer In Vulnerability Tally

Symantec changes the way it tallies potential security gaps in browsers and concludes that Mozilla Firefox has fewer vulnerabilities.

Symantec has changed how it spells out Firefox and Internet Explorer browser vulnerabilities in reaction to complaints last September from Mozilla Firefox users and developers.

"How we did it before wasn't a fair comparison," said Oliver Friedrichs, the senior manager of Symantec's security response group. "It wasn't an apples to apples comparison."

Previously, Symantec's Internet Security Threat Report counted only vendor-confirmed bugs in the two browsers, which led to gripes from Firefox fans that the Internet Explorer tally was inaccurate, and too low.

In the newest report, which Symantec issued Tuesday, the Cupertino, Calif.-based security company has split the counts into two categories: vendor-confirmed and a combination of vendor- and non-vendor-confirmed flaws.

That gives the edge to IE in one tally, Firefox in the other.

In the last six months of 2005, Microsoft confirmed 12 vulnerabilities in Internet Explorer, down slightly from the 14 in the first half of last year. Firefox, however, sported 13 vendor-confirmed flaws, one more than IE, but also down from the 27 in the previous period.

In fact, when counting only vendor-confirmed bugs, Firefox appears to be significantly more vulnerable than IE over the last 18 months. During that period, the number of Firefox-admitted flaws easily topped 60. In the same period, IE posted fewer than half as many vendor-confirmed bugs.

Explaining the difference, Friedrichs said "In open source, more vulnerabilities will be acknowledged because of the transparency in development."

But the new counting methodology, which Friedrichs said was the "more accurate" of the two, combines all vulnerabilities, including those made public but not necessarily confirmed by the vendor.

In that count, IE comes out second-best: In the same six months, Firefox suffered from 17 total vulnerabilities, while IE had 24.

"The vendor- and non-vendor-confirmed numbers are the ones I'd recommend using," said Friedrichs. "For one thing, it removes the delay that can effect numbers because of long patch times by commercial vendors."

Symantec, said Friedrichs, won't make claims that one of the two leading browsers is more secure than the other. "We just stick to the facts," he said. "But the number of vulnerabilities are legitimate, so we can say that Firefox has fewer vulnerabilities."

1 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Success = Storage & Data Center Performance
Balancing legacy infrastructure with emerging technologies requires laying a solid foundation that delivers flexibility, scalability, and efficiency. Learn what the most pressing issues are, how to incorporate advances like software-defined storage, and strategies for streamlining the data center.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll