Robert Kaiser wrote:
Rostyslaw Lewyckyj wrote:
Mozilla's Firefox web browser versions 2 and 3 top the list with 40
reported flaws.

The real interesting part is how many users out there (absolute or percentage) are using products with unfixed security flaws? How many days of having no fix for a known security vulnerability did the different products have? It's not important how many different flaws there were in any given product,

Come again?? Not important how many flaws made it past all internal
quality controls and presumably beta testing into a released version
of the product?
The number of found flaws, bugs, in a product release is an often
used measure used to estimate the number of still hidden bugs.
Sure, it's commendable that a bug fix is prompt, but it is no substitute
for the bug never getting past design and internal quality control
into the released version.
Which do you consider preferable: a bug fix, version upgrade a day;
or more careful internal quality control before a version release,
so that bug fix version upgrades to the public are needed

the importance is how likely users are to be harmed, i.e. severity of the flaws and getting the fix out to users.

Non-organizational users, i.e. without centralized upgrade,
are unlikely to upgrade promptly. Heck, even centers with
dedicated computer administration are often behind on versions
and fixes.

Justin also has some very valid points there as well.

Robert Kaiser
support-seamonkey mailing list
