Mozilla Disputes Bit9's Claim That Firefox is "Most Vulnerable App"

From DailyTech: A recent security study from Bit9 argued that Mozilla's Firefox was the most vulnerable application and thus a major threat to businesses. One of the chief reasons it gave was the lack of a large-network patching system. For this reason, despite recent security flaws, it did not consider Microsoft's Internet Explorer software, as it assumed that such a patching system dramatically lowered vulnerability.

Bit9 went as far as to suggest that enterprises block their employees from having access to Firefox and delete it from work computers.

Some firms, including Mozilla, were quick to take issue with Bit9's alarming comments. Representatives from Mozilla's security branch, Human Shield contacted DailyTech with remarks on the topic. The company's Johnathan Nightingale states, "While we're always happy to see stories that focus on educating our users about security, there are some problems with Bit9's methodology that hinder its ability to draw any meaningful conclusions."

According to Mr. Nightingale, by raising the "risk" of companies which disclose critical vulnerabilities, Bit9's study punishes openness, a critical key to security. It rewards companies that keep their vulnerabilities secret, he argues.

He also criticizes Bit9's stance on patching, stating that the firm's claims fall short of reality. He states, "Bit9 seems to understand (the need for smarter metrics) in its focus on application support for updates, but again it fails to account for the real world experience. Firefox does not deliver WSUS updates, but our built-in update mechanism requires no user intervention, and we consistently see 90% adoption within six days of a new update being released."

View: Article @ Source Site