-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Firefox vs. Internet Explorer
,----[ Quote ]
| With regards to security, Internet Explorer 7.x is has about 13 times more
| vulnerabilities and advisories than Firefox 3, according to security site
| Secunia.com:
|
| * Vulnerability Report: Mozilla Firefox 3.x
| * Vulnerability Report: Microsoft Internet Explorer 7.x
`----
http://www.spreadfirefox.com/node/2990
O'Brien: Welcome to the new browser wars
,----[ Quote ]
| "It is going to be more challenging for people to build applications that
| work across all of these browsers," Ludwig said. "But it's not going to be as
| bad as it was in the late '90s."
`----
http://www.mercurynews.com/opinion/ci_10502398?nclick_check=1
When Microsoft disregards standards, none of this is surprising.
Recent:
Web security report says known vulnerabilities fall because criminals pay to
hide them
,----[ Quote ]
| Some researchers fear software vendors are now buying information on the
| vulnerabilities so they can fix them without anyone noticing.
|
| In other words, Rouland fears, "it is profitable not to (publicly) report a
| vulnerability."
`----
http://news.smh.com.au/web-security-report-says-known-vulnerabilities-fall-because-criminals-pay-to-hide-them/20080212-1rrs.html
Related:
Vista SP1 will contain undocumented fixes
,----[ Quote ]
| Interesting email in today mailbag: “Will SP1 contain undisclosed or
| undocumented security fixes?”
|
| For some people, counting the number of security flaws that one OS has
| compared to another is important because it offers a metric upon which to
| determine which OS is the most secure (personally, I feel that it’s a bogus
| metric, but I’ll let it slide for now). However, many claim that Microsoft
| stacks the deck in its favor by not disclosing a full list of vulnerabilities
| that have been patched by omitting to include those discovered and patched
| in-house.
`----
http://blogs.zdnet.com/hardware/?p=1225
Critical Vulnerability in Microsoft Metrics
,----[ Quote ]
| This is a small subset of all the vulnerabilities, because the
| vulnerabilities that are found through the QA process and the vulnerabilities
| that are found by the security folks they engage as contractors to perform
| penetration testing are fixed in service packs and major updates. For
| Microsoft this makes sense because these fixes get the benefit of a full test
| pass which is much more robust for a service pack or major release than it is
| for a security update.
`----
http://blog.mozilla.com/security/2007/11/30/critical-vulnerability-in-microsoft-metrics/
http://antitrust.slated.org/www.iowaconsumercase.org/011607/3000/PX03096.pdf
Skeletons in Microsoft’s Patch Day closet
,----[ Quote ]
| This is the first time I’ve seen Microsoft prominently admit to silently
| fixing vulnerabilities in its bulletins — a controversial practice that
| effectively reduces the number of publicly documented bug fixes (for those
| keeping count) and affects patch management/deployment decisions.
`----
http://blogs.zdnet.com/security/?p=316
Beware of undisclosed Microsoft patches
,----[ Quote ]
| Forget for a moment whether Microsoft is throwing off patch counts
| that Microsoft brass use to compare its security record with those
| of its competitors. What do you think of Redmond’s silent patching
| practice?
`----
http://blogs.zdnet.com/microsoft/?p=527
Microsoft is Counting Bugs Again
,----[ Quote ]
| Sorry, but Microsoft's self-evaluating security counting isn't really a
| good accounting.
|
| [...]
|
| The point: Don't count on security flaw counting. The real flaw is
| the counting.
`----
http://www.microsoft-watch.com/content/security/microsoft_is_counting_bugs_again.html?kc=MWRSS02129TX1K0000535
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkjTkl0ACgkQU4xAY3RXLo7pBACgn85yrUL/R9WEWcfGEh+uTIsU
2bAAoJbcd/dW7OKp/mV6aWgOx18yy6jR
=qEdJ
-----END PGP SIGNATURE-----
|
|
