A <a href="http://www.schneier.com/blog/archives/2005/12/internet_explor.html">post over at Schneier on Security</a> talks about a study that tracked public, unpatched flaws in Firefox, IE and Opera. Most studies I've seen track number of vulnerabilities, etc but this is the first I saw that specifically looked at public non-patched ones. It gives you an idea of how many days a year you were vulnerable at the minimum, presuming you keep things up to date. This was for 2004.
  • MSIE was 98% unsafe. There were only 7 days in 2004 without an unpatched publicly disclosed security hole.
  • Firefox was 15% unsafe. There were 56 days with an unpatched publicly disclosed security hole. 30 of those days were a Mac hole that only affected Mac users. Windows Firefox was 7% unsafe.
  • Opera was 17% unsafe: 65 days. That number is accidentally a little better than it should be, as two of the upatched periods happened to overlap.

Some humorous comments including “outbreak and outbreak express”.

Technorati Tags: , , , ,