Study: Firefox wins browser time-to-patch race

A new report from Secunia is pouring more gas on the Internet Explorer vs. Mozilla Firefox security debate.

The security alerts aggregator collected and crunched the numbers on security flaws publicly reported — and fixed — by the two vendors and found that Mozilla easily won the time-to-patch race, despite having to respond to almost four times the number of vulnerabilities.

(Table shows window of exploitation for vulnerabilities publicly disclosed in IE and Firefox in 2008. The number of days unpatched are in red for those vulnerabilities that are still unpatched as of Dec. 1, 2008)

On average, according to the Secunia 2008 report (.pdf), Mozilla averaged 43 days to respond to 115 reported Firefox vulnerabilities while Microsoft took 110 days to release patches for 31 Internet Explorer holes.

* Image source: Channy Yun’s Flickr photostream (Creative Commons 2.0)

[Source: zdnet]