Friday, December 18, 2009

It Business Edge: How not to give writers credibility

RE: http://www.itbusinessedge.com/content/is-it-time-to-reconsider-firefox.aspx

http://www.hardforum.com/showthread.php?t=1479118

http://www.hardforum.com/showpost.php?p=1035072116&postcount=26

Quote:
Originally Posted by anthrex View Post
The real questions are which browser is more likely to reveal browser vulnerabilities; and which has the largest, most knowledgeable and critically looking community that has access to the browsers code?
This. Microsoft has a lousy history of not disclosing bugs until well after exploits are already on the market. Apple as well has a history of failing to disclose bugs until after exploits on are on the market. Both companies also have histories of failing to disclose many bugs that they receive, yet patch before exploits enter circulation, or bugs that never have any actual exploits made available.

Mozilla on the other hand... well... They and Chrome...

When a bug is posted for a Mozilla product here: https://bugzilla.mozilla.org/

It's posted. It's disclosed. There's no hiding it. There's no not telling investors. It's made available for everyone to see. As the common user can submit bug reports and errors in a public setting, Mozilla doesn't really ever have a chance to hide or obfuscate problems with the code.

When a bug is posted for a Google Chrome product here : http://www.chromium.org/for-testers/...ing-guidelines

Same thing. It's posted. It's disclosed. There's no hiding it. Sure, Google may not talk about bugs that affect their officially pre-compiled Chrome browser and ChromeOS, but as long as their source code is available, pretty much anybody can report bugs or exploits in the platform.

Like Microsoft and Apple, Opera doesn't maintain a public bug tracking system. While they do offer a form feedback, https://bugs.opera.com/wizard/, they point to a non-tracking system for followup.

Quote:
If your bug is being discussed in the Opera community forums, newsgroups, or mailing lists, a report has probably already been filed. Additional reports will then serve no purpose, as they will simply be marked as duplicates.
That being said, Opera has a history of accurately reporting problems and issues with their released binary code. Opera also has a tendency to follow an aggressive and constant patching strategy. I'm not exactly aware of Opera having hidden or failing to talk about exploits that were widely available for the platform.

KDE also has a bug tracking system : https://bugs.kde.org/ So bugs filed against the KHTML based Konqueror are again, like Mozilla and Chrome. The bugs are out there, no hiding, no obfuscating.

Now, from Chromium and Konqueror compiled against Mach BSD, we can get an idea of what kind of bugs Safari actually has, and what exploits could be used against Safari as all 3 share the same type of engine: KHTML / Webkit. That doesn't mean Apple's own behind-the-scenes mixing doesn't produce other odd errors.

Given what we know of the background data of the engines, and those producing the engines, I'm not really sure the author of the article knows what he's talking about if he's suggesting that we reconsider FireFox because of reported exploits. I'd almost say that sort of statement immediately disqualifies the author from any sort of credibility.

No comments: