Which browser is the riskiest? The answer may surprise you.

Microsoft's efforts to solve server-side Web vulnerabilities and to patch its Internet Explorer client may be paying off. While IE is still the most widely used browser for viewing content on the Internet (and thus the most widely targeted for assaults), it had the second best ranking among the top four browsers in sidestepping vulnerabilities, according to a new study.

The report, from application security firm Cenzic, analyzed a number of Web security issues reported in the first half of this year. The browser comparison was only one part of the study, called "Web Application Security Trends Report: Q1-Q2, 2009" (PDF download).

Firefox was the most vulnerable browser, logging 44 percent of the total vulnerabilities found, according to the report. Safari, at 35 percent, ranked next to Firefox at the bottom. IE had 15 percent of the vulnerabilities, and Opera only 6 percent.

Firefox, Microsoft's most robust rival in the browser market, reportedly has an estimated 330 million users and recently passed its fifth anniversary.

IE is still the most-used browser, followed by Firefox, Apple Safari, Google Chrome (which Cenzic didn't study) and Opera.

In addition to looking at browser security, Cenzic found that 78 percent of the total vulnerabilities were due to Web components. Web component vulnerabilities have increased since last year's report.

Microsoft at least seems somewhat attuned to the issue. A large theme in Microsoft's September patch cycle had to do with plugging such Web component vulnerabilities.

Cenzic also found bugs in Web servers, browser plug-ins and Microsoft's ActiveX control. ActiveX has been another priority for Microsoft's security team, which issued a security advisory on the matter in July.

The most striking thing about the report's findings is the broad apathy shown on the part of enterprise pros to addressing emerging threats on the Web, according to Mandeep Khera, chief marketing officer at Cenzic.

"In spite of the fact that vulnerabilities are so easily identifiable and widely exploited by hackers – and there are now low-cost, turnkey [software as a service] solutions available – businesses are not focused on securing their Web applications," he said in an e-mail statement. "[The vulnerabilities] are a serious and potentially lethal blind spot for businesses."

About the Author

Jabulani Leffall is a journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.
