So this washed up in my inbox this morning: an email pimping a security appliance under the header "How Firefox Affects Your Business Security". In it was this frightening statistic:
In this blog, Web Browser Vulnerability Report, ProSecure determined that the Firefox browser, based on open-source Mozilla, accounted for 44 percent of all browser vulnerabilities reported in the first half of 2009!
What's my beef? Well, how about giving the figure for IE vulnerabilities? (My snap reaction to reading "Firefox ... accounted for 44 percent of all browser vulnerabilities" was: and IE had the other 56%!) But that's not necessarily fair to IE, and it misses the larger point.
Why would an open source browser churn up such a huge fraction of vulnerability reports? Perhaps because -- as one of the most used browsers on Earth, with its source open to anyone who cares to read it -- a lot of eyes are scrutinizing the code to find problems and fix them, and every fix lands in public view. Contrast that with the for-profit, closed-source model, where vulnerabilities are much harder for outsiders to find and a company can choose to sit on a bug until someone wearing a black hat finds it and starts making hay with it. A count of reported vulnerabilities measures how many bugs were found and disclosed, not how many were exploitable, how long users were exposed before a patch shipped, or whether anyone was ever attacked through them.
There are lies, damned lies, and statistics.