Mailinglist Archive

[From Bruce Schneier's CRYPTO-GRAM]

This study is from August, but I missed it.  The researchers tracked 
three browsers (MSIE, Firefox, Opera) in 2004 and counted which days 
they were "known unsafe."  Their definition of "known unsafe": a 
remotely exploitable security vulnerability had been publicly announced 
and no patch was yet available.

MSIE was 98% unsafe.  There were only 7 days in 2004 without an 
unpatched publicly disclosed security hole.


http://bcheck.scanit.be/bcheck/page.php?name=STATS2004