In its 2007 security report, Secunia analyzed a limited set of vulnerabilities that were disclosed publicly, before vendor notification, and found that Mozilla on average patched Firefox flaws more quickly than Microsoft patched holes in Internet Explorer.
Secunia's report also notes that Internet Explorer had fewer vulnerabilities than Firefox in 2007 (43 compared to 64). In December, Jeff Jones, security strategy director in Microsoft's Trustworthy Computing group, presented similar statistics to support his claim that Internet Explorer was more secure than Firefox.
Mike Schroepfer, Mozilla's VP of engineering, in a blog post dismissed the idea that vulnerability counts matter. Citing the absence of a public IE bug database, he said, "There is no way for anyone outside of Microsoft to confirm how many vulnerabilities ever existed in Internet Explorer."
One area where Firefox appears to best Internet Explorer is in the number of vulnerabilities reported in browser add-ons. There were six vulnerabilities reported in Firefox extensions and 339 vulnerabilities in ActiveX controls in 2007, according to Secunia. It should be noted, however, that browser add-ons are generally developed by third-party programmers, who are ultimately responsible for writing safe code.
Microsoft has been working to help developers write safer ActiveX controls, though in light of the large number of vulnerabilities cited by Secunia, its efforts leave something to be desired.
"If an independent software vendor discovers that they have shipped a vulnerable control, they can work with Microsoft to issue an update that disables that control," a Microsoft official said in an e-mail on Thursday. "Up until this time, email@example.com has not been contacted directly by any company regarding the recent public reports of vulnerabilities in ActiveX controls."
[Interop ITX 2017] State Of DevOps ReportThe DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.