popular browsers and security bugs

There have been some posts lately in the media about security bugs in Mozilla Firefox and Microsoft Internet Explorer, and what all the numbers mean when it comes to who has more or how many are critically severe.

I thought I’d bring my boring opinion to the table since I don’t use either one of them hardly at all, and don’t see myself using either one regularly for a good while either. My take on it is that MSIE is always going to have more problems than any major browser for one reason alone: an active development team.

It’s worth noting that my entire argument stands on the assumption that Microsoft, as a business, will do two things when it comes to development. In the first place they will devote resources (time, money and employees) to developing a product up until getting a stable release out the door. Once the product is released, the engineering team is disbanded and the resources pooled into other areas instead. As a result, development becomes reactionary instead of proactive. Now, I don’t have an insider’s perspective to development practices at Microsoft, but from an outsider’s view, that seems to be the case.

Case in point — there has been a huge amount of stagnation between browser releases for Internet Explorer. Why is it that the only releases we see for the browser are security updates? Are there ever any bugfix releases? I’ve blogged about this before … one reason I love open source software is for the incremental releases, which shows that there is still an active development team working on improving the product, even after a major point release has been accomplished. Not so with Microsoft products. You get a product release, and then security updates when they are needed. Even then, we don’t get patches unless the problem creates enough of a black eye for the company. If they don’t feel like it’s a big enough problem, they won’t devote any resources to the problem.

Mozilla’s projects, on the other hand, don’t kill development once a major version has been finished. People keep working on it, and we get regular updates. Sure, we’ll see Internet Explorer 7.0 any day now, but is Microsoft still going to release updates on a regular basis because they want to, or they have to?

Interesting stuff, I think. I’m all about the proactive development model, obviously, and how open source software seems to apply that principle much more. The big problem with proprietary software is you’re simply stuck with whatever they release, and whatever they feel like is an important feature, fix or add-on. I’ve never been too confident when any corporation says, “trust us, it’s good enough,” especially when their real priorities are budgets and the bottom line. If Microsoft has shown us one thing, it’s that having all the money in the world apparently has nothing to do with putting out the best software possible.
