Symantec report sparks safe-browser debate

Filed under
OSS

In its latest Internet Security Threat Report, released yesterday, security vendor Symantec Corp. noted that in the first six months of 2005, the open-source Firefox Web browser had more confirmed vulnerabilities than Microsoft Corp.'s Internet Explorer browser.

So does that mean that the Mozilla-based browser is less secure than proponents have said and that Internet Explorer is more secure than believed?

Not exactly, according to security experts.

But that's not the whole story, said Vincent Weafer, senior director of Symantec's Security Response Team.

"Vendors tend to report vulnerabilities differently," said Mike Schroepfer, director of engineering for the Mozilla open-source project. Microsoft tends to group several confirmed vulnerabilities together in one announcement and patch, whereas Mozilla announces each confirmed vulnerability individually. That skews the number of confirmed vulnerabilities.

Other security monitoring companies, such as Secunia in Copenhagen, show different results than Symantec. We still believe Firefox is the safest browser around.

Full Story.