Vulnerabilities in Browsers: Trends in Internet Explorer and Firefox
Jinyoo Kim, Omar Alhazmi and Yashwant Malaiya
The 17th IEEE International Symposium on Software Reliability Engineering: Fast Abstracts (ISSRE 2006)
Raleigh, North Carolina, USA, November 6-10 2006
Abstract
Since the browsers serve as the gateway to the web, vulnerabilities in browsers can have great impact. Recently there has been considerable debate about the vulnerabilities in the two major browsers Microsoft Internet Explorer and Mozilla Firefox which represent two opposite development paradigms. Here we present a quantitative perspective involving vulnerability detection rates, severity and patch development. The available data suggests that the popular perceptions can sometimes be inaccurate and a detailed quantitative analysis of the data is needed for a careful evaluation of the risk. Making projections for the near future requires an understanding of the longer term trends. The need for reconciling alternating conventions for enumerating the vulnerabilities is also identified.