Relative security of web browsers

According to the State of the Internet 2010 just  released by CA, it certainly looks like web browsers are the biggest single source of security problems. CA estimates that browser-based exploits now account for 84% of all actively exploited vulnerabilities. When we look at CA's estimates for what fraction of vulnerabilities each of the main browsers has and compare those to the usage share of the browsers we see something.

  • Internet Explorer has about a 51% usage share and accounts for about 22% of actively exploited vulnerabilities.
  • Firefox has about a 31% usage share and accounts for about 10% of actively exploited vulnerabilities.
  • Opera has about a 1% usage share and accounts for about 4% of actively exploited vulnerabilities.

If we expect hackers to be targeting browsers to help them carry out some sort of cybercrime, we'd expect the number of exploited vulnerabilities to be roughly representative of the user base for a particular browser. If that's the case, I have to wonder why Opera seems to have more exploited vulnerabilities that we'd expect.

Leave a Reply

Your email address will not be published. Required fields are marked *