Eweek's senior editor, Steven J. Vaughan-Nichols, speaks out on Firefox and tells it like it is in his article titled "Use Firefox for a Safer System".
People who don't get security often say that if Firefox or any other open-source software were only as popular as IE, their security would be just as bad. Nope. Wrong.
First, open-source software is constantly being looked at by numerous developers. When problems are found, and they are all the time, they're quickly fixed. With Microsoft code, you have to trust that its programmers are on the ball and that they'll fix problems quickly. You look at their track record and you decide if that's true. I know what I think.
Second, on Windows, open-source applications are just that: applications. Microsoft programs, by their very nature, are tied directly into the operating system kernel. This means, IE—and other Microsoft Windows applications such as Outlook—enables any security hole to potentially rip open the entire operating system.
Read the rest at eWEEK.
Posted by asa at December 22, 2004 07:17 PM
The first argument is dangerous and half right. Security holes in certain parts of Mozilla would be hard to fix as no developers are around anymore who know that area. We do release more often though.
But point number 2 is our saving grace; we usually don't have to worry about OS security holes. But we have been bitten by them before.
Posted by: Doron on December 22, 2004 08:37 PM
Everyone always claims that IE has more access to the OS or the kernel and is, therefore, more dangerous. I've never seen anyone document this bit of folk wisdom with any proof.
Saying "It's just true" doesn't qualify either.
Posted by: Anon on December 22, 2004 10:29 PM
"First, open-source software is constantly being looked at by numerous developers"
For a large application with, say, a million lines of C++, how much of the code is actually 'looked at', never mind formally inspected in the Fagan sense? I suspect very little, as a percentage of the total.
Are there code coverage metrics for inspections and for tests? We used to run them in Nortel, and (at least in theory) inspection and testing effort could be directed to known difficult areas, and to areas/functions that were heavily used in the running program, and to areas important to the user experience like the installation routines.
W.
Posted by: wally on December 23, 2004 04:51 AM
Microsoft software isn't "tied to the kernel" simply because it's produced by the same company. The person who wrote the article doesn't understand what a kernel is, and you unduly discredit yourself by linking to it. I could, in the same way and with equal authority, claim that Mozilla is tied to 'the other' popular open source program, Linux (obvious nonsense). In fact, Microsoft engineers have a better understanding of the Win32 subsystem and the kernel upon which it builds, meaning that their software normally works more naturally and reliably under different configurations, without requiring overly-tight linkage (which is not to claim that the information isn't available).
Posted by: Rob on December 23, 2004 06:09 PM
For the benefit of Asa's casual readership, as a balance to the viable arguments listed here criticizing the article author's justifications, let's remember IE's security vulnerability track record and compare it with Firefox's.
Just look at Secunia.org's list of vulnerabilities of the two programs:
IE6, (Criticality, based on 58 advisories from 2003 to 2004): 35% were deemed "Highly critical" or above (Extremely critical).
http://secunia.com/product/11/
Firefox 0.x, (Criticality, based on 18 advisories from 2003 to 2004): 11% were deemed "Highly critical". None were deemed "Extremely critical".
http://secunia.com/product/3256/
Firefox 1.x has had no advisories deemed "Highly critical" or above yet.
http://secunia.com/product/4227/
Just the fact that if you're running an unpatched version of IE6, you could go to a malicious website and automatically have spyware installed onto your machine without your knowledge should put people off of using IE altogether, IMHO.
Of course, Firefox could be more secure, as all programs could. But as it stands now, its security track record is head and shoulders over IE's.
Posted by: Eric on December 24, 2004 01:26 PM
Everybody on the net says something, but I wouldn't believe any of Asa's links. He is very much ready to lie just to get one more person to install firefox, or at least something that says it is firefox. Since nobody knows exactly what people are installing.
Windows kernel has nothing to do with IE, and if someone makes that claim or if someone links to that claim, just notice that he is not telling you the truth and more possibly just try to cheat you into believing something not true. Unfortunately when someone exposes Asa's lies, Asa might take a more truthful path to convince people to install Firefox, instead of spreading FUD and lies.
Posted by: Jing Yu on January 5, 2005 05:53 PM