Symantec Global internet Security threat report
According to recent statistics from late 2009, there was an increase in the market share of Chrome, Firefox, and Safari at the expense of internet Explorer over the course of the year.91 Symantec speculates that security concerns may have been a factor in the shifting browser demographics. While it is certain that the increase in the percentage of internet Explorer 8 users is due to installations of Windows 7, which includes the browser by default, enhanced security is also believed to be a factor in its increased use even as internet Explorer loses market share overall. that said, the shifting market share should not significantly endanger browsers other than internet Explorer in terms of attacks in the wild as it is unlikely that a tipping point has yet been reached that will make the development of concerted attacks on other browsers sufficiently profitable to be viable.
Window of exposure for Web browsers
the window of exposure for Web browsers is the difference in days between the time when exploit code affecting a vulnerability is made public and the time when the affected vendor makes a patch publicly available for that vulnerability. During this time, the computer or system on which the affected application is deployed may be susceptible to attack. the metric is derived from the average amount of time it takes to release a patch in comparison to the average amount of time it takes for exploit code to be made publicly available. this metric also includes maximum patch times, which is the maximum amount of time required to release a patch for all of the patched vulnerabilities in the data set.
Measuring the time that it takes for vendors to release patches for vulnerabilities may provide insight into overall vendor security responsiveness. Some vulnerabilities examined were patched by the vendor at the time they were announced. this may be due to an internal security audit by the vendor, which may have revealed the vulnerability, or it may have been because security researchers discovered the vulnerability and responsibly disclosed it to the vendor. Other vulnerabilities are independently reported by security researchers prior to the release of a patch, indicating that security researchers may not have coordinated with the vendor to disclose the vulnerability. this may be because the researcher did not responsibly disclose the vulnerability, or else it is possible that the researcher attempted to responsibly report the vulnerability but the vendor was unresponsive. the patch release time is compared against the average time for vulnerability exploits to become publicly available in order to determine the window of exposure.
h t t p : / / w w w . w 3 s c h o o l s . c o m / b r o w s e r s / b r o w s e r s _ s t a t s . a s p