![]() I could go on, but these should already sufficiently demonstrate how ridiculous and wanting the arguments of the Firefox fanboys here are. ![]() Simply citing a number of issues does not cover this at all, and in reality, 5 issues rated as “severity: high” are arguably worse than 20 issues rated as “severity: low”. ![]() A number says nothing about whether an issue was trivial to exploit or not, required physical access to the machine or not, required user interaction or not etc. – The nominal number of security issues says nothing about the severity of any given issue. Who works with the Firefox codebase? Only Mozilla and the undermanned Tor Project, big fat LOL to that. All these work with the Chromium open source code, again increasing the likelihood of finding a security issue. – The number of projects based on any given engine is also a major determinator, most browsers are based on Chromium and there are thousands upon thousands of Electron apps. Google has various teams including the famous Project Zero that try to hack various software including their own, many of the discovered Chromium security issues are in fact in house reports. – How much companies invest in security research and related R&D also influences the nominal number of security issues discovered. Chromium could be 10 times as secure as Firefox and would still have a higher nominal number of security issues just due to the time, manpower and resources that go into hacking it vs. Firefox with a market share of a mere 3% is objectively not a valuable target / much less valuable target, so expecting adversaries to put the same time and resources into hacking Firefox vs. With 80% market share, Chromium is objectively a valuable target if you can hack it, you are statistically catching 80 out of 100 people. – Popularity of each given software is a major factor in what gets hacked and what doesn’t. Their definition misses the mark for several reasons: I define more secure as: “The application has exploit mitigations that make hacking it non-trivial.” They define secure as: “My browser has nominally fewer security issues reported.” They are here to shill for their dying, Google-funded browser to readers using the fake news that Firefox is “more secure”. Jody, there is no need to talk to these guys.
0 Comments
Leave a Reply. |