Does more browser code = more potential exploits?
<blockquote data-quote="ForgottenSeer 92963" data-source="post: 973254"><p>@wat0114</p><p></p><p>Yes, the average number of bugs is 20-30 per 1000 lines of code (kilo lines of code, KLOC for short). The industry range is said to be between 5 and 50 per KLOC. The range is determined by the professionalism of the development and testing teams, the methods and support (testing/debugging) tools used, the size of the workforce working on an application, and the development platform and programming language used. The only way you can really measure it is by looking at the reported vulnerabilities (but not all bugs are vulnerabilities and not all vulnerabilities can be exploited).</p><p></p><p>Google really has set the standard for using (automated) tools and embedding their methodology in their company culture (e.g. Google has gone so far as to promote their software design principles to corporate vision).</p><p></p><p>It is hard to say anything about the real-world risk of a larger code footprint. Chrome, with its bug bounty program and large user base, is under more attack than, for instance, Mozilla. When you take the user base and number of people working on Chrome versus Firefox, one has to conclude that Chrome does really well. So looking at the number of vulnerabilities/bug fixes which are published does not tell everything, but on average (I have outdated data from before my retirement):</p><ul> <li data-xf-list-type="ul">Chrome has 0.06/KLOC (reported) vulnerabilities</li> <li data-xf-list-type="ul">Firefox has 0.05/KLOC (reported) vulnerabilities</li> </ul><p>I think Firefox should do better now, because around 10% is programmed in Rust (which has better memory integrity protection than C++). It is a pity Firefox fired the people who were converting C++ to Rust.
Microsoft, despite its reputation, also does reasonably well (their CRM has fewer reported bugs than Salesforce, Oracle and SAP), and I have often posted that on the Windows operating system, Edge has 5 security advantages over Chrome.</p><p></p><p>Although I use Firefox on my phone (I don't do banking or buying on my phone), before switching to Firefox I would read this first: <a href="https://madaidans-insecurities.github.io/firefox-chromium.html" target="_blank">Firefox and Chromium | Madaidan's Insecurities</a></p><p>/K</p></blockquote><p></p>