Tuesday, October 03, 2006

Let he who is without sin...

Although I use Firefox in preference to Internet Explorer, I do so for features such as tabbed browsing.

Vague claims that it is "more secure" have never washed with me: how do you prove it?  I can prove that one piece of software is faster than another or easier to install or costs less but proving something is more secure (as opposed merely to having had fewer security problems discovered in it) is an entirely different question.

So those who spend their days trumpeting Firefox (or Apple's Operating System for that matter) as somehow superior than a competing product because they are "more secure" attract my disapproval (and you don't want to be the target of my disapproval!)

I therefore felt a sense of schadenfreude when I read this article. It appears that Firefox's Java Script engine is a "complete mess" and quite likely riddled with security holes.  Who'd have guessed it?!

(For the record, however, I should say that I do not approve of those who don't give vendors sufficient time to fix problems before publishing.)

6 comments:

Ben said...

How much time would you regard as sufficient? What would you do if the vendor keeps asking for more time?

andyp said...

I can confirm that you do not want to be the target of the evil eye of Gendal. His disapproval is too much to bear.

Jon Deane said...

It also turns out that article is nonsense.

Richard Brown said...

Ben: I'm probably slightly conflicted in attempting to answer that. I suspect the correct answer is that the submitter should give a clear description of the problem and a reasonable and clear deadline by which they feel they have to publish. If the vendor had good reasons for not being able to fix it in that time, then you should do what your conscience tells you to do.

Jon: Hmmm.... darn.

Ben said...

Oh dear, I'm sorry to hear about your confliction. Meanwhile, although I agree with your reply, I see it studiously avoids answering either of my questions. ;-P

Richard Brown said...

Really? I thought I had answered your question :-p