Ask the average techie which browser has the most vulnerabilities, and odds are their answer will be "Internet Explorer, of course." Indeed, Microsoft's browser has endured plenty of slings and arrows -- and not entirely without justification -- but some of those projectiles should deservedly be aimed at Apple, Mozilla, and Google. According to a recent report from security company Secunia, IE suffered fewer CVEs (common vulnerabilities and exposures) than Safari, Firefox, or Chrome over the past year.
The finding lends further credence to the notion put forward by InfoWorld's Roger Grimes that a product's popularity plays a significant role in how often it gets targeted. IE dominates the browser markets and is thus the major target among hackers. As competing browsers gain popularity, their respective creators will have to step up their security measures -- and they all have work to do.
Mozilla Firefox has the dubious distinction of boasting the most CVEs, 96 in all with 15 vulnerability events, among the top 20 most vulnerable software products ranked by Secunia. The data was recorded from June 2009 through June 2010. IT security admins at IBM should take particular note of that finding, given that Big Blue recently pledge allegiance to the open source browser in the name of its transition to cloud computing.
Number 2 on Secunia's list: None other than Safari, the Web-browsing apple of Mac enthusiasts' eyes, with with 84 CVEs and 9 events. Given that usage of Safari is on the rise, thanks to the soaring popularity of Apple's mobile platforms, Steve Jobs may have to worry a bit less about the insecurity of Adobe's Web technologies and more about the various vulnerabilities in Apple software.
OK, perhaps Jobs should still keep an eye on Adobe's wares. The company has four of its products clustered in spots five through eight in Secunia's ranking. Reader and Acrobat tie with 69 CVEs and 7 events each while Flash Player and AIR tie with 51 CVEs and four events each.