Which browser is the riskiest? The answer may surprise you.

Microsoft's efforts to solve server-side Web vulnerabilities and to patch its Internet Explorer client, may be paying off.  While IE is still the most widely used browser for viewing content on the Internet--and thus, the most widely targeted for assaults--it had the second best ranking among the top four browsers in sidestepping vulnerabilities, according to a  new study.

The report, from application security firm Cenzic, analyzed a number of Web security issues reported in the first half of this year. The browser comparison was only one part of the study, called, "Web Application Security Trends Report: Q1-Q2, 2009" (PDF download).

Firefox was the most vulnerable browser, logging 44 percent of the total vulnerabilities found, according to the report. Safari, at 35 percent, ranked next to Firefox at the bottom. IE had 15 percent of the vulnerabilities, and Opera only 6 percent.

Firefox, Microsoft's most robust rival in the browser market, reportedly has an estimated 330 million users and recently passed its fifth anniversary.

IE is still the most-used browser, followed by Firefox, Apple Safari, Google Chrome (which Cenzic didn't study) and Opera.

In addition to looking at browser security, Cenzic found that 78 percent of the total vulnerabilities were due to Web components. Web component vulnerabilities have increased since last year's report.

Microsoft at least seems somewhat attuned to the issue. A large theme in Microsoft's September patch cycle had to do with plugging such Web component vulnerabilities.

Cenzic also found bugs in Web servers, browser plug-ins and Microsoft's ActiveX control. ActiveX has been another priority for Microsoft's security team, which issued a security advisory on the matter in July.

The most striking thing about the report's findings is the broad apathy shown on the part of enterprise pros to addressing emerging threats on the Web, according to Mandeep Khera, chief marketing officer at Cenzic.

"In spite of the fact that vulnerabilities are so easily identifiable and widely exploited by hackers – and there are now low-cost, turnkey [software as a service] solutions available – businesses are not focused on securing their Web applications," he said in an e-mail statement. "[The vulnerabilities] are a serious and potentially lethal blind spot for businesses."

About the Author

Jabulani Leffall is a journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.