On Sun, 01 Oct 2006 20:21:01 +0000, High Plains Thumper wrote:
> Erik Funkenbusch wrote:
>
>> I have yet to see any evidence of Mozilla fixing bugs
>> within days or even a week or 2 except in very rare cases.
>> They take months. Sometimes 4+ months.
>
> According to:
>
> http://www.symantec.com/specprog/threatreport/ent-whitepaper_symantec_internet_security_threat_report_x_09_2006.en-us.pdf
>
> http://tinyurl.com/s5qaz
>
> Page 61
>
> | There does not appear to be any discernible trend in patch
> | development times for Web browsers. This may be because
> | these times are influenced by the number of vulnerabilities
> | that are disclosed for each browser. Mozilla is the only
> | vendor whose patch development time has decreased
> | consistently over the past three six-month periods.
> | Generally speaking, Internet Explorer has the longest patch
> | development times of any browser. This may be due to the
> | vendor's practice of issuing patches on a regular monthly
> | schedule.
>
> Note, IE has longest patch development time in general.
>
> | Window of exposure, Web browsers
> |
> | The window of exposure is the difference between the
> | average patch development time and the average exploit code
> | development time for vulnerabilities in the selected Web
> | browsers. In the first half of 2006, Internet Explorer had
> | a window of exposure of nine days, down considerably from
> | 25 days in the second half of 2005 (figure 23). During this
> | reporting period, Apple Safari had a window of exposure of
> | five days, up from zero days in the second half of 2005.
> |
> | In the first half of 2006, Opera had a window of exposure
> | of two days, down considerably from 18 days during the
> | second half of 2005. In the first six months of 2006,
> | Mozilla had a window of exposure of one day. In the second
> | half of 2005, Mozilla had a window of exposure of negative
> | two days, meaning that exploits were generally released
> | after patches were available.
>
> Mozilla had a response time of 1 day from time of exploit to
> patch.

HPT, will you please stop using reason and verifiable facts to counter
FUDingbusch's arguments? I think Erik would be more fun to play with if we
all started to use his tactics.
--
Bobbie the Triple Killer
http://members.shaw.ca/bobbie4/index.htm
email Bobbie @ bobbie4R3MOV3TH1S@xxxxxxx
remember to 'remove this'
Bobbie recently switched to Ubuntu 6.
Why? Cause he can, that's why.