Hacking OpenSource

By Ryan Sonnek

I find it interesting when I hear that the only reason Linux is more secure than Windows is that it’s used by fewer people. The argument is that software that doesn’t hold vast market share has “Security from Obscurity”. Now, with the 1.0 release of Firefox, I hear people say that it will be exploited in the same way that people have hacked Internet Explorer as it keeps stealing market share away from IE. Do people really believe this?

Mozilla introduced their Bug Bounty Program a while back with the specific goal to “…encourage security research in Mozilla software and to reward those who help us create the safest Internet clients in existence.” With this incentive to try and find security holes in Firefox, I have to question why we still have so many reported security holes in IE, and virtually none reported for Firefox. Could it be because Microsoft just makes it so damn easy? Could it be that Firefox is generally more stable and bulletproof? Or, could it be that developers (like myself) feel that Microsoft has somehow “wronged them” with their quirky, insolent browser and feel that some form of payback is necessary? =)

I vote for option number three…