When More Bugs Can Mean Tighter Security
Dec 07, 2007, 16:45
(Other stories by Tom Espiner)
"Q: A recent study by Jeff Jones, a Microsoft security
strategy director, found Internet Explorer to be more secure than
Firefox. Are you surprised?
A: I'm surprised that bug counting, which is a terrible metric, was
used by Microsoft. It isn't easy to assess security, but bug
counting definitely isn't the way to do it. I'd rather talk about
time to fix, the duration of the window where users are at risk,
which in our opinion is a much better metric..."