When More Bugs Can Mean Tighter Security Dec 7, 2007, 16 :45 UTC (2 Talkback[s]) (4500 reads) (Other stories by Tom Espiner)
"Q: A recent study by Jeff Jones, a Microsoft security strategy director, found Internet Explorer to be more secure than Firefox. Are you surprised?
A: I'm surprised that bug counting, which is a terrible metric, was used by Microsoft. It isn't easy to assess security, but bug counting definitely isn't the way to do it. I'd rather talk about time to fix the duration of the window where users are at risk, which in our opinion is a much better metric..."