So don't spread them, and take a good look at yourself and at what an unbelievably leaky sieve you are using as far as security is concerned. And if you don't understand it, then keep quiet. Simply adding up bugs is something only people who know squat about this can do, because fixed bugs cannot endanger users.
http://www.webdevout.net/browser-security
"The window of exposure is the difference in days between the time when exploit
code affecting a vulnerability is made public and the time when the affected
vendor makes a patch publicly available for that vulnerability. During this
time, the computer or system on which the affected application is deployed
may be susceptible to attack."
1st half of 2006
1 day Mozilla Firefox
9 days Internet Explorer
21 days Opera
57 days Safari
2nd half of 2006
2 days Mozilla Firefox
10 days Internet Explorer
23 days Opera
62 days Safari
1st half of 2007
3 days Safari
4 days Opera
5 days Mozilla Firefox
6 days Internet Explorer
2nd half of 2007
1 day Safari
2 days Opera
3 days Mozilla Firefox
11 days Internet Explorer
"The exploit development time for all vendors in both reporting periods was zero
days. This indicates that exploits were released within a day of vulnerability
publication and often in tandem with a vulnerability announcement. This shows a
tendency on the part of security researchers to release exploits as they
announce vulnerabilities, but may also indicate that exploit development for
browsers has been refined to the point where exploits can be developed with
little delay. This practice puts pressure on the vendor to address the
vulnerability in a shorter time frame because the availability of exploit code
puts users at risk."
"Firefox has the best update system among browsers. In doing so, it refers to a
study by Secunia, which states that only 5.19% of Firefox 2 users do not have
the latest security patch installed. They are followed by users of MSIE 7 with
5.4%, MSIE 6 with 9.6% and Opera 9 with almost 12% of unsecured installations."
http://www.czilla.cz/zpravicky/firefox-ma-nejlepsi-system-aktualizace/
"Interestingly, the Mozilla Foundation is one of the few vendors to offer a “bug
bounty” program, which provides monetary rewards to security researchers for
discovering and reporting vulnerabilities to the vendor"
http://eval.symantec.com/mktginfo/enterprise/white_papers/ent-whitepaper_internet_security_threat_report_xi_03_2007.en-us.pdf
http://www.mozilla.org/security/bug-bounty.html