Detailed Firefox and IE vulnerability report


When I wrote "Is the Firefox honeymoon over" two weeks ago, it stirred up a huge debate that continued for days. Yesterday, Dan Farber interviewed the 20-year-old co-creator of Firefox, Blake Ross, in a podcast where he addressed the criticism of Firefox in the media and my blog in particular. Ross criticized the analysis in my blog on two main points.

* No comparisons in the severity of the flaws
* No comparisons in the response time to fix the flaws

On the first point, Ross is absolutely right that the severity of a vulnerability is critical. Because I didn't set out to do a formal security analysis of Firefox and Internet Explorer, I created an overly simplified comparison. Since this has sparked a huge debate, my original analysis is not sufficient to be conclusive. Ross believes that Internet Explorer's vulnerabilities are much worse than Firefox vulnerabilities, so we'll have to see if he's right.

On the second point, Ross believes Firefox is more responsive to security vulnerabilities and delivers more timely patches. Ross even quoted that Internet Explorer had about "10 to 15" unpatched vulnerabilities, so we'll have to see if he's right.

- George Ou | ZDNet.com

Linked by shanmuga Tuesday, 27th September 2005 10:08PM