I agree that closed source tends to have more vulnerabilities because it is not publicly coded, but then again, Microsoft has more than the average amount of coders working on their projects. An inherent and systemic flaw in IE is that it is too closely tied to the OS which it runs on but this type of flaw can be fixed without removing IE entirely. The severity of flaws is not just a reflection upon coding but also upon the amount of users that the program has and/or the size of the public target.

Most open source projects may not have as many ?patches? as IE has, but they tend to release a new version of their product every time the smallest thing changes (i.e. some security flaw is found). How is this different than IE patching except that you have to re-install the entire product every time a new version is released? In reality you have to consider that IE isn?t perfect but we really have nothing to compare it to as its peer do we?

David Prinzing

Delta End, Inc

www.deltaend.com

www.deltaendhosting.com

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11119/31822#31822