Hacking Browsers: Are Browsers the Weakest Link of the Security Chain?

From the post:

The number of cyber attacks is constantly increasing, and according to security experts they grow even more sophisticated. The security firm Secunia has recently released its annual study of trends in software vulnerabilities, an interesting report that highlights the impact of the presence of flaws in common software and provides useful details on the way bad actors exploit them. According to data provided by Secunia, the number of Web browser vulnerabilities and zero-day exploited by hackers worldwide in 2014 has increased in a significant way.

You can download the Secunia 2015 report here.

The report runs twenty-four (24) pages including the covers and, while interesting, a longer report would be more useful. For example, near the end of the report there are the top 20 core products with the most bugs, followed by the top 50 software portfolios. The problem is that the lists are not deduped, so Google Chrome, for example, appears in both lists with the same number of vulnerabilities. A one-line summary of the bugs in a deduped list with links to Secunia advisories would be quite grand.

Search the Secunia Advisory and Vulnerability Database for details. (Requires Secunia community registration (free) for access to details.)

The report is useful to illustrate the breadth of the security problem beyond browsers:

The absolute number of vulnerabilities detected was 15,435, discovered in 3,870 applications from 500 vendors. The number shows a 55% increase in the five-year trend, and an 18% increase from 2013 to 2014.

You can improve browser security but if I root the OS, your “security” is more of a wish than a reality.

Securing browsers is like installing deadbolts on the doors of a house with only framing and no walls. An improvement but doesn’t rise to the level of being “secure.”

Systematic incentives (positive ones) are needed to move towards greater security.

