Two continuing points of cognitive dissonance in security… as I read Brian Krebs' Security Fix post on Firefox vs. IE:
- If finding vulnerabilities makes software more secure, why do we assert that the software with the highest vulnerability count is less secure (than, e.g., a competitor)? (It is even more ironic that this comparison has come to look more questionable as "favored" software has fared worse in this category.)
- If the disclosure date is the day that software becomes "at risk," why don't we try our hardest to push that date out as far as possible?
Conclusion: nobody really knows what the heck they are talking about when it comes to "secure software."
An alternative measure:
The Spire Vulnerability Rating
Why We Need the Spire Vulnerability Rating