On 29.08.2010 12:42, Nassim KACHA wrote:
Hello
Let me send you this message because I have recently been outraged by an
article in the Algerian press.
One speaker at Microsoft has dared to justify the slowness of IE compared
to its competitors by its highest level of security. You should know that
Microsoft makes a wide propaganda in Algeria.
With the aim of drafting an article on my blog, I would like to have the
view of some Firefox developers about the safety of their product compared
to Microsoft's IE.
It's hard to get good data on this, because you can take security
features (but how effective are they? Are the security weaknesses
worse?) or security bug statistics (but how do you measure? What defines
a security bug, as there are different severities?)
One good measure is: Take only the bugs that allow the attacker to gain
full access to all the user's files, by just navigating to a website.
Then count the time from when they were known (to the vendor or many
people or the public) until they were fixed for end-users. Then add all
those days over the year. The browser with the most days loses.
With this measurement, which I find the most practically relevant and
fair, usually Firefox is in good shape, while MSIE is still rating
badly. They did make progress, though, they used to be a lot worse even.
Ben
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
