Internet Explorer deemed least vulnerable browser

IE boasts fewer critical vulnerabilities than Safari, Firefox, or Chrome, reports security company Secunia

Ask the average techie which browser has the most vulnerabilities, and odds are their answer will be "Internet Explorer, of course." Indeed, Microsoft's browser has endured plenty of slings and arrows -- and not entirely without justification -- but some of those projectiles should deservedly be aimed at Apple, Mozilla, and Google. According to a recent report from security company Secunia, IE suffered fewer CVEs (common vulnerabilities and exposures) than Safari, Firefox, or Chrome over the past year.

The finding lends further credence to the notion put forward by InfoWorld's Roger Grimes that a product's popularity plays a significant role in how often it gets targeted. IE dominates the browser markets and is thus the major target among hackers. As competing browsers gain popularity, their respective creators will have to step up their security measures -- and they all have work to do.

[ Also on Safari reveals personal info to potential hackers | Check out InfoWorld's Web Browser Security Deep Dive. ]

Mozilla Firefox has the dubious distinction of boasting the most CVEs, 96 in all with 15 vulnerability events, among the top 20 most vulnerable software products ranked by Secunia. The data was recorded from June 2009 through June 2010. IT security admins at IBM should take particular note of that finding, given that Big Blue recently pledge allegiance to the open source browser in the name of its transition to cloud computing.


Number 2 on Secunia's list: None other than Safari, the Web-browsing apple of Mac enthusiasts' eyes, with with 84 CVEs and 9 events. Given that usage of Safari is on the rise, thanks to the soaring popularity of Apple's mobile platforms, Steve Jobs may have to worry a bit less about the insecurity of Adobe's Web technologies and more about the various vulnerabilities in Apple software.

OK, perhaps Jobs should still keep an eye on Adobe's wares. The company has four of its products clustered in spots five through eight in Secunia's ranking. Reader and Acrobat tie with 69 CVEs and 7 events each while Flash Player and AIR tie with 51 CVEs and four events each.

Moving on, up-and-comer Google Chrome was also tagged with more vulnerabilities than IE: 70 CVEs and 14 events (just below third-place Java JRE, with 70 CVEs and 5 events). Maybe that's why the Google Chromium team, like Mozilla, has significantly upped the reward to security researchers who report security flaws.

That brings us to Internet Explorer, which is effectively ranked ninth on Secunia's list of the 20 most vulnerable software products. IE, despite its significantly higher installation share, had just 49 CVEs and 12 events in over the past year.

Secunia's report should be cause for vindication on Microsoft's part -- and cause for concern on the part of its competitors, particularly Apple. The company has successfully hidden its security flaws behind its relative obscurity, but now that Apple the darling of Wall Street and the creator of the most coveted mobile platforms, the blemishes on its skin are becoming all the more visible.

This article, "Internet Explorer deemed least vulnerable browser," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog.

Copyright © 2010 IDG Communications, Inc.