This line of argument is disappointing. What bothers me most is the constant line of people who cause such a fuss when a bug is found and subsequently fixed. What seems to be missed by a lot of people here is that Firefox now has one less bug, not one more. With more users of open source code, more bugs are found and fixed.

I agree with some of the above posters in one regard: all software is inherently able to be exploited. All that can make one piece of software more secure than another is whether the 'business' model will pick up the bugs and will release fixes quickly. I would contest that bugs are found quicker when a huge range of people can view the code. While your average user will not read the code, a vast number of open source products re-use code from one-another and peer review of code is common. The second point of contrast is the speed of release; in a matter of days a RC can be downloaded to fix this exploit. Feel free to compare this with Internet Explorer vulnerabilities if you wish.

Firefox was built with security in mind and I believe that makes a difference. Firefox has open code that allows a wide range of views to be cast on the subject; it may not have the staffing of IE, but it has a wider diversity in its expertise. If absolutely nothing else can be said, Firefox has made Microsoft do something about security by making it an important criterion in a user's choice of browser.

Aaron

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11119/31833#31833