Which browser is the riskiest? The answer may surprise you.

Microsoft's efforts to solve server-side Web vulnerabilities and to patch its Internet Explorer client may be paying off. While IE is still the most widely used browser for viewing content on the Internet--and thus the most widely targeted for assaults--it had the second-best ranking among the top four browsers in sidestepping vulnerabilities, according to a new study.

The report, from application security firm Cenzic, analyzed a number of Web security issues reported in the first half of this year. The browser comparison was only one part of the study, called "Web Application Security Trends Report: Q1-Q2, 2009" (PDF download).

Firefox was the most vulnerable browser, logging 44 percent of the total vulnerabilities found, according to the report. Safari, at 35 percent, ranked next to Firefox at the bottom. IE had 15 percent of the vulnerabilities, and Opera only 6 percent.

Firefox, Microsoft's most robust rival in the browser market, reportedly has an estimated 330 million users and recently passed its fifth anniversary.

IE is still the most-used browser, followed by Firefox, Apple Safari, Google Chrome (which Cenzic didn't study) and Opera.

In addition to looking at browser security, Cenzic found that 78 percent of the total vulnerabilities were due to Web components. Web component vulnerabilities have increased since last year's report.

Microsoft at least seems somewhat attuned to the issue. A large theme in Microsoft's September patch cycle had to do with plugging such Web component vulnerabilities.

Cenzic also found bugs in Web servers, browser plug-ins and Microsoft's ActiveX control. ActiveX has been another priority for Microsoft's security team, which issued a security advisory on the matter in July.

The most striking thing about the report's findings is the broad apathy that enterprise pros show toward addressing emerging threats on the Web, according to Mandeep Khera, chief marketing officer at Cenzic.

"In spite of the fact that vulnerabilities are so easily identifiable and widely exploited by hackers – and there are now low-cost, turnkey [software as a service] solutions available – businesses are not focused on securing their Web applications," he said in an e-mail statement. "[The vulnerabilities] are a serious and potentially lethal blind spot for businesses."

About the Author

Jabulani Leffall is a journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.
