When More Bugs Can Mean Tighter Security
Dec 07, 2007, 16:45 (2 Talkback[s])
(Other stories by Tom Espiner)
WEBINAR: On-demand Event
Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >
"Q: A recent study by Jeff Jones, a Microsoft security
strategy director, found Internet Explorer to be more secure than
Firefox. Are you surprised?
A: I'm surprised that bug counting, which is a terrible metric, was
used by Microsoft. It isn't easy to assess security, but bug
counting definitely isn't the way to do it. I'd rather talk about
time to fix the duration of the window where users are at risk,
which in our opinion is a much better metric..."