Nassim KACHA wrote:
One speaker at Microsoft has dared to justify the slowness of IE compared
to its competitors by its highest level of security. You should know that
Microsoft makes a wide propaganda in Algeria.
You could oppose to that the following independent report that
integrates a lot of different calculations on vulnerabilities. Basically
all of them show IE as the weakest browser by far :
http://www.webdevout.net/browser-security
A major indicator of security, more than the absolute number of
incidents is how long they go without being patched.
This is now a bit dated but the score of IE6 in 2006 in this regard was
abysmal :
http://blog.washingtonpost.com/securityfix/2007/01/internet_explorer_unsafe_for_2.html
For a much more recent data, you can use the Pwn2Own 2010 example.
Two vulnerability against both Firefox and IE were disclosed at that
time, Mozilla issued a corrected version of Firefox on the 1st April
only 8 days later :
http://www.zdnet.com/blog/security/mozilla-firefox-first-to-patch-pwn2own-vulnerability/6008
But the fix for IE was published only on the 8 of June, one month and a
half after the vulnerability has been known :
http://www.zdnet.com/blog/security/microsoft-finally-fixes-pwn2own-browser-flaw/6628
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
