Microsoft and Mozilla Lock Horns Over Browser Security

They're at it again! Browser giants Microsoft and Mozilla find themselves in the middle of a highly publicized debate for the second time in a month. This round's not-so-friendly discussion revolves around which company's browser is more secure, Internet Explorer or Firefox. It all started last week when Jeff Jones, a Strategy Director in Microsoft's Security Technology Unit, released a report analyzing vulnerabilities within the two browsers in question.

The Browser Vulnerability Analysis of Internet Explorer and Firefox studies vulnerabilities over the past 3 years, breaking them down by volume, severity, and more. The report shows IE having a significantly lower number of vulnerabilities reported during this time period. "While the results in this study showing fewer vulnerabilities in Internet Explorer might be surprising to some, to others the results will simply be a confirmation that improving security is a hard job even with the best of intentions," said Jones. "Further, it shows that with commitment and focused effort, vendors can make progress in improving computer security for software products."

Mozilla quickly shot back, discounting Jones's reporting methods as well as the usefulness of strictly counting bugs. Chief Security Officer Window Snyder blogged that the analysis is flawed for a number of reasons, one being the fact that it only counts those issues reported externally and fixed in security updates. Not included in the vulnerability tally are those discovered during the internal testing process, which are sometimes addressed in Windows service packs or major updates. "Extending this process to include fixes that are ready and just sitting on the tree waiting for the preferred vehicle to ship increases risk for users," said Snyder. "But it sure keeps those bug count numbers down."

In an interview with eWEEK, Mozilla chief evangelist Mike Shaver turned up the heat on Microsoft even further by stating that the report is "something you'd expect from maybe an undergrad." Tensions between the two browser makers continue to mount, and it is probably safe to say that this battle of the blogs is far from over.