Also, as the Symmantec article states, their report is dealing with
'vendor-confirmed vulnerabilities', which means 'vulnerability in
Firefox according to Mozilla' vs. 'vulnerability in IE according to
Microsoft'. Given that there's no way to ensure these are the same
standard (and I suspect most of us are sure it is NOT the same
standard), this isn't a very useful measurement in my view.
alex
Kenneth wrote:
>Up to a point, this is the argument that appears
>several times per week on the *.advocacy usenet
>groups. The number of vulerabilities isn't the whole
>issue.
>
>In open source code, often vulnerabilities are spotted
>by the community, and can be patched before being
>exploited. We only hear about vulnerabilities in MS
>products after they have been exploited. If MS has
>any internal security auditing team, and they found
>some that had not been exploited, we would never know
>about them, they would simply be patched (or not) with
>the next update.
>
>I don't know how much of this applies to firefox,
>maybe it is less secure for all I know, but this is
>the general argument when people talk about number of
>vulnerabilities in MS vs OSS.
>
>
>
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)