Software with fewer bugs is not necessarily less risky to use, according to a recent study conducted by the Honeynet Project.

The study
analyzed client-side attacks in the wild using a large list of 300,000
URLs gathered during two weeks in May 2007 by automated virtual
machines. Older versions of the three major browsers for Windows —
Microsoft’s Internet Explorer 6 SP2, Mozilla’s Firefox 1.5.0, and
Opera’s Opera 8.0.0 — were each used to browse the same subset, about
10 percent, of the sites. While researchers have disclosed about twice
as many vulnerabilities for Firefox 1.5.0 as for Internet Explorer 6
SP2, the Honeynet Project found no attacks against the browser.
Microsoft’s Web software, however, was compromised nearly 200 times.