From the ‘if it’s broke fix it‘ files:
According to a new report from Security vendor Secunia on vulnerabilities in 2008, Mozilla’s Firefox web browser topped the list at 115 reported issues. In comparison, Apple Safari had 32, Microsoft Internet Explorer (IE) had 31 and Opera had 30.
Simply counting vulnerabilities alone – does not make one browser less secure than another. Rather how fast a browser vendor is able to fix issues and not leave users exposed to risk is something that could define a more or less secure browser
.
According to Secunia’s analysis, for vulnerabilities that were disclosed without or prior to vendor notification, Mozilla was significantly faster that Microsoft. Mozilla has a low of 15 days to a high of 86 days until such non-vendor disclosed issues were fixed. On the other hand Microsoft had a low of 78 days with a high of 294 days.
To be fair, the issues that Secunia has identified in the time to patch category range in severity and certainly not every issue identified was critical. That said it’s still interesting to note the time to patch as an interesting metric and perhaps as a leading indicator of browser security.