While I agree that that's probably a good measure, I don't think it's feasible. Many exploits are reported privately to the company first, so they have time to fix them. After-the-fact reporting by the company would create an incentive to underestimate the amount of time it took. Finding the reporters may be hard, and even if they are inclined to comment on when they found it, you can't really trust them, since their incentives aren't clear either. They may love the browser, or hate it...
Yes, but that has problems too, as I pointed out in my previous post:
> Finding the reporters may be hard, and even if they are inclined to comment on when they found it, you can't really trust them, since their incentives aren't clear either. They may love the browser, or hate it...
That's a technical problem, nothing more. At the moment of sending off the message to the company you could post your message digest to a secure server somewhere.
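The digest idea from the comment above, as an added example that is not code from any poster: the reporter publishes only a hash of the report when it is sent, and reveals the report later so anyone can check the logged time. `commit`, `DigestLog` and `days_to_fix` are hypothetical names, and the random nonce is an addition beyond the comment, assumed here so that a short or guessable report cannot be confirmed from the public digest alone.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
from datetime import datetime, timezone

NONCE_LEN = 32  # fixed length, so nonce || report parses unambiguously


def commit(report: bytes, nonce: bytes | None = None) -> tuple[str, bytes]:
    """Return (digest, nonce). Publish the digest; keep report and nonce private."""
    nonce = nonce if nonce is not None else secrets.token_bytes(NONCE_LEN)
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be exactly NONCE_LEN bytes")
    return hashlib.sha256(nonce + report).hexdigest(), nonce


class DigestLog:
    """Hypothetical stand-in for the 'secure server': records first-seen times."""

    def __init__(self) -> None:
        self._first_seen: dict[str, datetime] = {}

    def publish(self, digest: str, now: datetime | None = None) -> datetime:
        # The first publication wins; re-posting cannot move the timestamp.
        return self._first_seen.setdefault(digest, now or datetime.now(timezone.utc))

    def committed_at(self, report: bytes, nonce: bytes) -> datetime | None:
        """After disclosure: when was this exact report committed, if ever?"""
        digest, _ = commit(report, nonce)
        for known, seen in self._first_seen.items():
            if hmac.compare_digest(known, digest):
                return seen
        return None


def days_to_fix(log: DigestLog, report: bytes, nonce: bytes, patched: datetime) -> int | None:
    """Whole days between the logged commitment and the vendor's patch."""
    seen = log.committed_at(report, nonce)
    return None if seen is None else (patched - seen).days


if __name__ == "__main__":
    # Constructed sample report and dates, for illustration only.
    report = b"Constructed sample: crash in image decoder, reported to vendor."
    log = DigestLog()
    digest, nonce = commit(report)
    log.publish(digest, datetime(2009, 1, 5, tzinfo=timezone.utc))
    print(days_to_fix(log, report, nonce, datetime(2009, 1, 12, tzinfo=timezone.utc)))
```

The log proves only that the report existed by the logged time, so the timestamp is as trustworthy as whoever runs the log.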
Only if the reporter wants to go through hoops like that. The more work it is, the less likely they are to want to do that. That's especially so since there's no advantage for them in doing so...
Is this an article from The Onion? I am trying to come up with a cute little one-liner that equals the "roll-eyes" level of this article, but nothing compares.
There's really not much information either in the article, or in the PDF it's summarizing. I mean yes, the count is higher, but why? They also say that the number of 'safari' bugs has skyrocketed because of vulnerabilities found in the iPhone version - does this mean they're double counting WebKit problems, or are there actually unique vulnerabilities in the iPhone-specific libraries?
In any case, that's not a security report so much as it is a long form advertisement for Cenzic, whoever they are.
It's not unexpected:
- more releases
- open source code
Exploits and bugs are easier to find. It doesn't really say much about the safety of Firefox (provided you're up to date :))
With all that said it does raise a few questions about Mozilla's code auditing and security procedures. Surely this is something they should take note of to increase the amount of time spent testing new and old code in releases.
Hey, wait! Where's the "Market Share" argument when you need it (and it works against IE)?
Doesn't Doctrine and Dogma inform us that a larger share of the flaws just mean a larger market share? I mean, I hear that all the time about Windows incarnations.
Looks like you're new here. Welcome, and thanks for sharing the story :)
Your comment here is on the story directly, even though you're addressing specific responses. Next time, please click on the 'reply' links right below the message you're replying to, and skip the @notation. Also, since there might be hundreds of people looking at what you write, try to avoid one-liners intended for one person, or generally any messages without interesting content. The rest of us will try to do the same :) Cheers!
I like using two browsers - one of them with just HTML (and CSS, no plugins, no javascript and cookies turned off), for general reading, search and scouting.
A good portion of the web is still readable, usually the better part, and works much faster. Make image loading optional for extra speed. It's amusing how some sites fire volleys of 6 or 7 cookies at you (if you choose notifications about that). And some even manage to be annoying with just CSS and images.
well you want "release early, release often", then you live with bugs
clearly ff should pay more attention to quality, but i don't want to go to an IE-like model of only updating the browser every 2.5 years...it's likely this lagged release model coupled with microsoft's closed source that also results in fewer bug reports
opera in last is no shock, no one uses it
no one should be surprised that the two browsers with the most releases, access to source and the shortest development cycles have the most bugs...they also have the most features
WebKit has a dramatically faster development cycle than Firefox, much less Gecko itself. They also have a much larger and more diverse community of people hacking on and interfacing with the rendering engine, since it's actually palatable to link against without the XUL ball-and-chain.
Ahem, I use it. I'm actually surprised the count's so low, since I have minor but consistent issues with sites such as Facebook. Or perhaps those sorts of bugs aren't included (and I suppose it might be Facebook's fault, since O10 does pass Acid3).
They only counted security problems, not bugs in the implementation of html, css and so on. Otherwise IE would be the worst offender by a wide margin.
p.s.: I use Opera too and the browser market is an amusing market. It is a market where you can have about 3% of 1.7 billion internet users and people still say "no one" is using your software.
So, if there are three exploits, one is patched after 48 hours, the second in 24 and one in a week that should count as 10 bug days.
Then do the same for all browsers.