Critical Vulnerability in Browser Security Metrics

Date Added: May 2010
Format: PDF

Every time a browser vendor releases a patch for a critical vulnerability, the popular news media publishes a slew of negative press paper detailing the security holes that have been announced in the product. Users who read these papers often decide to switch to a "Safer" browser. The negative press associated with security patch releases has a number of unhealthy effects on the industry. The authors challenge the conventional wisdom of the current browser security evaluation paradigm: that browsers that receive infrequent security patches are safer than browsers that receive frequent patches, that browsers with a lower bug count are safer, and that reducing browser vulnerabilities is the only path that a browser vendor can follow to improve security