Percentage of vulnerabilities, by browser  (Source: Cenzic)

Vulnerabilities by type  (Source: Cenzic)
Study raises interesting points, but does not account for the number of actual attacks

Security is a more serious concern now than ever, with hackers and cybercriminals becoming more organized and looking to profit from a wealth of stolen information.  Typically problems fall into the PICNIC variety -- Problem In Chair, Not In Computer -- but that does not change the fact that some platforms are, by design, more vulnerable to attack.

Typically vulnerability arises from two things -- design flaws/oversights and the level of use.  For the latter reason, users of Microsoft Internet Explorer 8 remain in danger due to its leading marketshare, despite the company being relatively meticulous in its patching.

A new study from Cenzic looks at the design side of the equation, compiling vulnerability information from NIST, MITRE, SANS, US-CERT, OSVDB, OWASP, as well as other third party databases for Web application security issues reported during the first half of 2009.

The study offered some intriguing conclusions.  It found Mozilla's Firefox to be the most vulnerable browser, with Apple's Safari closely behind.  Safari would have done slightly better, but was hurt by numerous vulnerabilities found in the mobile version of Safari that ships with Apple's popular iPhone smart phone (and iPod Touch).

Firefox accounted for 44 percent of the vulnerabilities, despite having an estimated 30 percent or less marketshare, whereas Microsoft did better than expected, accounting for only 15 percent of the vulnerabilities on close to 60 percent marketshare.  Of the browsers with known vulnerabilities, Opera proved to be the least vulnerable, with only 6 percent of the disclosed vulnerabilities; however, its marketshare in the PC market is estimated to be only a few percent at most.  Google Chrome had no listed vulnerabilities.

The biggest source of vulnerabilities, according to the study, is web applications.  Web applications comprised 78 percent of the reported vulnerabilities.  Among the top offenders were web applications from Sun, IBM, and Apache.

According to the study, the most prevalent vulnerabilities for the year were SQL Injection (25 percent) and Cross-Site Scripting (XSS) (17 percent).  Classic methods like exploitation of buffer errors continued to be popular as well.

When considering these numbers, it is important to keep in mind that the study did not look at the total number of attacks or actual number of affected users -- numbers that would be difficult to accurately estimate.  Thus some browsers like IE8 may actually be a bit more dangerous than the study indicates due to their leading marketshare, while others like Opera may be a bit more secure than indicated because of their tiny marketshare.

For Mozilla, though, the study does raise concern.  After all, Firefox both appears to be highly vulnerable and has the industry's second largest marketshare, behind only Microsoft.  The study echoes the conclusions of security firm Bit9, which last year listed Firefox as the app posing the greatest risk to business security.

Copyright 2017 DailyTech LLC.