PHWinfo - Afficher un message - why do iceweasel et al have more frequent security issues?

26/07/2007, 20h50

On Thu, Jul 26, 2007 at 02:06:11PM -0400, Douglas Allan Tutty wrote:
> On Thu, Jul 26, 2007 at 07:13:48PM +0200, Mathias Brodala wrote:
> > Douglas Allan Tutty, 26.07.2007 18:23:
> > > It seems that the mozilla-derived browsers have security issues
> > > requiring updates far more frequently than other browsers like Konqueror
> > > or links2.
> >
> > Aside from the fact that one software really can be more secure than another one
> > is this the result of an increased usage. The more people use Gecko browsers,
> > the more bugs can be found willingly or unwillingly. And the more people use
> > Gecko browsers, the more lucrative is it to find security holes and damage
> > systems this way.
>
> So this suggests that its a tradeoff: more users of Gecko means more
> people reporting bugs and therefore more bug fixes but also a more
> lucrative target for security threats; Konq may have more undiscovered
> security holes but they are undiscovered both by bug fixers and security
> threats?
>
> Is this the gist of the situation?

yes, but it amounts to security by obscurity... IOW, don't count on a
smaller user base to provide security simply because its a less
lucrative target... nothing prevents someone from looking for the
security holes that are surely there even if its less lucrative.

A

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGqOfkaIeIEqwil4YRAjKEAJ414nCDmG4QoSlIijOZ3P et0/JicwCgpGb0
fepZ75pvhh7dyY17bNfoF5Q=
=C6QY
-----END PGP SIGNATURE-----

26/07/2007, 20h50	#9
Andrew Sackville-West Messages: n/a Hébergeur:	Re: why do iceweasel et al have more frequent security issues? On Thu, Jul 26, 2007 at 02:06:11PM -0400, Douglas Allan Tutty wrote: > On Thu, Jul 26, 2007 at 07:13:48PM +0200, Mathias Brodala wrote: > > Douglas Allan Tutty, 26.07.2007 18:23: > > > It seems that the mozilla-derived browsers have security issues > > > requiring updates far more frequently than other browsers like Konqueror > > > or links2. > > > > Aside from the fact that one software really can be more secure than another one > > is this the result of an increased usage. The more people use Gecko browsers, > > the more bugs can be found willingly or unwillingly. And the more people use > > Gecko browsers, the more lucrative is it to find security holes and damage > > systems this way. > > So this suggests that its a tradeoff: more users of Gecko means more > people reporting bugs and therefore more bug fixes but also a more > lucrative target for security threats; Konq may have more undiscovered > security holes but they are undiscovered both by bug fixers and security > threats? > > Is this the gist of the situation? yes, but it amounts to security by obscurity... IOW, don't count on a smaller user base to provide security simply because its a less lucrative target... nothing prevents someone from looking for the security holes that are surely there even if its less lucrative. A -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGqOfkaIeIEqwil4YRAjKEAJ414nCDmG4QoSlIijOZ3P et0/JicwCgpGb0 fepZ75pvhh7dyY17bNfoF5Q= =C6QY -----END PGP SIGNATURE-----