I was just reading this report from Cenzic - it makes for interesting reading!
For accuracy, I'll point out that the report states that web browser vulnerabilities comprised roughly 5% of the total application vulnerabilities - all the same, it's nice to see Microsoft doing so well.
I like the "top ten" list too (not that I like the fact that security is now all about the bad guys making money) - but this list has one company missing:
Read the report yourself - it does make for good reading.
Dave.
PingBack from http://www.ditii.com/2008/03/03/whos-got-the-most-secure-web-browser/
It's a great improvement for Microsoft, but I think that there is a simple explanation for that: Microsoft didn't really add new features to IE for the past 7 years. IE7 innovated basically as much as Mozilla or Opera or Webkit did in less than 1 year.
And while those guys improved the browsers with SVG, CSS3, excellent DOM and ECMAScript implementations, the IE team only fixed bugs (including security) and added tabs to the UI.
That's why I don't find it hard that IE is the most secure, because it's the one that had the fewest number of new features.
Furthermore, I believe that #5 in that top ten actually has a few things to do with Microsoft technology (ActiveX).
I believe that ActiveX is great, but just like Java, it has nothing to do in a Web Browser.
It's just my $.02
Thanks for the Report!!. I will send it across our company.
I am wondering, what security features will bring IE 8?
How can we test this vulnerabilites in our sites?
Regards,
Lorenzo