Also, as the Symmantec article states, their report is dealing with 
'vendor-confirmed vulnerabilities', which means 'vulnerability in 
Firefox according to Mozilla' vs. 'vulnerability in IE according to 
Microsoft'.  Given that there's no way to ensure these are the same 
standard (and I suspect most of us are sure it is NOT the same 
standard), this isn't a very useful measurement in my view.

alex

Kenneth wrote:

>Up to a point, this is the argument that appears
>several times per week on the *.advocacy usenet
>groups.  The number of vulerabilities isn't the whole
>issue.
>
>In open source code, often vulnerabilities are spotted
>by the community, and can be patched before being
>exploited.  We only hear about vulnerabilities in MS
>products after they have been exploited.  If MS has
>any internal security auditing team, and they found
>some that had not been exploited, we would never know
>about them, they would simply be patched (or not) with
>the next update.
>
>I don't know how much of this applies to firefox,
>maybe it is less secure for all I know, but this is
>the general argument when people talk about number of
>vulnerabilities in MS vs OSS.
>
>  
>

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss