An Analysis of the Vulnerability Discovery Process in Web Browsers

S.-W. Woo, O.H. Alhazmi, and Y.K. Malaiya (USA)


Vulnerability, Web Browser, Internet Explorer, Firefox, Mozilla


New vulnerabilities discovered in a web browser put millions of users at risk and require urgent attention from developers. This paper presents a quantitative characterization of browser vulnerabilities that can be used to project the number of vulnerabilities, so that testing and development resources can be planned more efficiently. Vulnerability discovery data for the three major browsers, Internet Explorer, Firefox and Mozilla, are examined and fitted to a vulnerability discovery model, and the goodness of fit is statistically examined. The results show that the datasets fit the model well, suggesting that this model can be used for making future projections. When the vulnerabilities are partitioned into categories based on their type, the data of the individual categories also fit the model separately. When the vulnerabilities are partitioned into three severity levels, the model is found to be applicable to vulnerabilities with high and low severities. It is observed that the popularity of a browser itself leads to a higher discovery rate.
