Software with fewer bugs is not necessarily less risky to use, according to a recent study conducted by the Honeynet Project.


The study analyzed client-side attacks in the wild using a large list of 300,000 URLs gathered during two weeks in May 2007 by automated virtual machines. Older versions of the three major browsers for Windows — Microsoft’s Internet Explorer 6 SP2, Mozilla’s Firefox 1.5.0, and Opera’s Opera 8.0.0 — were each used to browse the same subset, about 10 percent, of the sites. While researchers have disclosed about twice as many vulnerabilities for Firefox 1.5.0 as for Internet Explorer 6 SP2, the Honeynet Project found no attacks against the browser. Microsoft’s Web software, however, was compromised nearly 200 times.

http://www.securityfocus.com/brief/578