

Firefox flaws account for 44% of all browser bugs - novicecoder
http://www.computerworld.com/s/article/9140582/Firefox_flaws_account_for_44_of_all_browser_bugs

======
jacquesm
I think a better measure of this would be to count the total number of days
exploits are 'open'.

So, if there are three exploits, one is patched after 48 hours, the second in
24 and one in a week, that should count as 10 bug days.

Then do the same for all browsers.

~~~
lucumo
While I agree that that's probably a good measure, I don't think it's
feasible. Many exploits are reported privately to the company first, so they
have time to fix them. After-the-fact reporting by the company would create an
incentive to underestimate the amount of time it took. Finding the reporters
may be hard, and even if they are inclined to comment on when they found it,
you can't really trust them, since their incentives aren't clear either. They
may love the browser, or hate it...

~~~
jacquesm
The person that discovered the bug originally would be the authority, not the
company.

~~~
lucumo
Yes, but that has problems too, as I pointed out in my previous post:

 _> Finding the reporters may be hard, and even if they are inclined to
comment on when they found it, you can't really trust them, since their
incentives aren't clear either. They may love the browser, or hate it..._

~~~
jacquesm
That's a technical problem, nothing more. At the moment of sending off the
message to the company you could post your message digest to a secure server
somewhere.
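The digest-timestamp idea from this comment, combined with the "bug days" count proposed at the top of the thread, as an added Python example that is not part of any commenter's post. Assumptions: a salted HMAC-SHA256 commitment instead of a bare digest, so a short report cannot be guessed from the published value, and a hypothetical in-memory `TimestampLog` standing in for the "secure server"; the report text and dates are constructed.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

def commit(report: bytes) -> tuple[str, bytes]:
    """Return (digest_hex, nonce). Only the digest is published at report time."""
    nonce = secrets.token_bytes(32)  # kept private until the fix ships
    return hmac.new(nonce, report, hashlib.sha256).hexdigest(), nonce

class TimestampLog:
    """Hypothetical stand-in for the 'secure server': first-seen time per digest."""
    def __init__(self):
        self._first_seen = {}

    def post(self, digest_hex: str, now: datetime) -> datetime:
        # A later re-post never overwrites the original timestamp.
        return self._first_seen.setdefault(digest_hex, now)

    def lookup(self, digest_hex: str):
        return self._first_seen.get(digest_hex)

def verify_reveal(log: TimestampLog, report: bytes, nonce: bytes):
    """After disclosure: recompute the commitment and return when it was logged.
    Returns None if the revealed report or nonce does not match any entry."""
    digest = hmac.new(nonce, report, hashlib.sha256).hexdigest()
    return log.lookup(digest)

def open_days(reported_at: datetime, patched_at: datetime) -> float:
    """Days a flaw stayed open, measured from the logged report time."""
    return (patched_at - reported_at) / timedelta(days=1)

def total_bug_days(windows) -> float:
    """Sum of open_days over (reported_at, patched_at) pairs for one browser."""
    return sum(open_days(r, p) for r, p in windows)

if __name__ == "__main__":
    t0 = datetime(2009, 11, 1, 12, 0, tzinfo=timezone.utc)  # constructed date
    log = TimestampLog()
    report = b"constructed report: crash in image decoder"  # constructed sample
    digest, nonce = commit(report)
    log.post(digest, t0)
    patched = t0 + timedelta(hours=48)
    logged = verify_reveal(log, report, nonce)
    print("logged at", logged, "open for", open_days(logged, patched), "days")
    print("altered report verifies:", verify_reveal(log, report + b"!", nonce))
```

The log only proves that the report existed at the logged time; it says nothing about when the reporter actually found the flaw.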

~~~
lucumo
Only if the reporter wants to go through hoops like that. The more work it is,
the less likely they are to want to do that. That's especially so since
there's no advantage for them in doing so...

------
rbranson
Is this an article from The Onion? I am trying to come up with a cute little
one-liner that equals the "roll-eyes" level of this article, but nothing
compares.

------
krakensden
There's really not much information either in the article, or in the PDF it's
summarizing. I mean yes, the count is higher, but why? They also say that the
number of 'safari' bugs has skyrocketed because of vulnerabilities found in
the iPhone version - does this mean they're double-counting WebKit problems, or
are there actually unique vulnerabilities in the iPhone specific libraries?

In any case, that's not a security report so much as it is a long form
advertisement for Cenzic, whoever they are.

------
buugs
http://www.itbusinessedge.com/cm/community/news/sec/blog/firefox-tops-cenzics-vulnerability-list/?cs=37341

------
didroe
>Firefox accounted for 44% of all browser bugs _reported_ in the first half of
the year.

And what about the ones that closed source IE and Opera didn't report?

------
ErrantX
It's not unexpected:

- more releases
- open source code

exploits and bugs are easier to find. It doesn't really say much about the
safety of Firefox (provided you're up to date :))

With all that said it _does_ raise a few questions about Mozilla's code
auditing and security procedures. Surely this is something they should take
note of to increase the amount of time spent testing new and old code in
releases.

------
bediger
Hey, wait! Where's the "Market Share" argument when you need it (and it works
against IE)?

Doesn't Doctrine and Dogma inform us that a larger share of the flaws just
mean a larger market share? I mean, I hear that all the time about Windows
incarnations.

------
ableal
I like using _two_ browsers - one of them with just HTML (and CSS, no plugins,
no javascript and cookies turned off), for general reading, search and
scouting.

A good portion of the web is still readable, usually the better part, and
works much faster. Make image loading optional for extra speed. It's amusing
how some sites fire volleys of 6 or 7 cookies at you (if you choose
notifications about that). And some even manage to be annoying with just CSS
and images.

------
b05us
well you want "release early, release often", then you live with bugs

clearly ff should pay more attention to quality, but i don't want to go to an
IE-like model of only updating the browser every 2.5 years...it's likely this
lagged release model coupled with microsoft's closed source that also results
in fewer bug reports

opera in last is no shock, no one uses it

no one should be surprised that the two browsers with the most releases,
access to source and the shortest development cycles have the most bugs...they
also have the most features

~~~
endtime
>opera in last is no shock, no one uses it

Ahem, _I_ use it. I'm actually surprised the count's so low, since I have
minor but consistent issues with sites such as Facebook. Or perhaps those
sorts of bugs aren't included (and I suppose it might be Facebook's fault,
since O10 does pass Acid3).

~~~
sgift
They only counted security problems, not bugs in the implementation of html,
css and so on. Otherwise IE would be the worst offender by a wide margin.

p.s.: I use Opera too and the browser market is an amusing market. It is a
market where you can have about 3% of 1.7 billion internet users and people
still say "no one" is using your software.

------
c00p3r
You can also read directly at microsoft.com to get fair and unbiased
information about web browsers.

Isn't Google Chrome around?

------
omouse
Who reads ComputerWorld, seriously?

