Percentage of vulnerabilities, by browser  (Source: Cenzic)

Vulnerabilities by type  (Source: Cenzic)
Study raises interesting points, but does not account for the number of actual attacks

Security is a serious concern now more than ever, with hackers and cybercriminals becoming more organized and looking to profit from a wealth of stolen information.  Typically problems fall into the PICNIC variety -- Problem In Chair, Not In Computer -- but that does not change the fact that some platforms are, by design, more vulnerable to attack.

Typically vulnerability arises from two things -- design flaws/oversights and the level of use.  For the latter reason, users of Microsoft Internet Explorer 8 remain in danger due to its leading marketshare, despite the company being relatively meticulous in its patching.

A new study from Cenzic looks at the design side of the equation, compiling vulnerability information from NIST, MITRE, SANS, US-CERT, OSVDB, OWASP, as well as other third party databases for Web application security issues reported during the first half of 2009.

The study offered some intriguing conclusions.  It found Mozilla's Firefox to be the most vulnerable browser, with Apple's Safari close behind.  Safari would have done slightly better, but was hurt by numerous vulnerabilities found in the mobile version of Safari that ships with Apple's popular iPhone smart phone (and iPod Touch).

Firefox accounted for 44 percent of the vulnerabilities, despite having an estimated 30 percent or less marketshare, whereas Microsoft did better than expected, accounting for only 15 percent of the vulnerabilities on close to 60 percent marketshare.  Of the browsers with known vulnerabilities, Opera proved to be the least vulnerable, having only 6 percent of the disclosed vulnerabilities; however, its marketshare in the PC market is estimated to be only a few percent at most.  Google Chrome had no listed vulnerabilities.

The biggest source of vulnerabilities, according to the study, is web applications.  Web applications comprised 78 percent of the reported vulnerabilities.  Among the top offenders were web applications from Sun, IBM, and Apache.

According to the study, the most prevalent vulnerabilities for the year were SQL Injection (25 percent) and Cross-Site Scripting (XSS) (17 percent).  Classic methods like exploitation of buffer errors continued to be popular as well.

When considering these numbers, it is important to keep in mind that the study did not look at the total number of attacks or actual number of affected users -- numbers that would be difficult to accurately estimate.  Thus some browsers like IE8 may actually be a bit more dangerous than the study indicates due to their leading marketshare, while others like Opera may be a bit more secure than indicated because of their tiny marketshare.

For Mozilla, though, the study does raise concern.  After all, Firefox both appears to be highly vulnerable and has the industry's second largest marketshare, second only to Microsoft.  The study echoes the conclusions of security firm Bit9, which last year listed Firefox as the app to pose the greatest risk to business security.
