Suite à "post:335", j'ai bien aimé ce billet : "Firefox 2 crash exploit and IE7 address spoofing flaw surfaces"

Even if there is a critical flaw found in either new product, we need to remember that Firefox 1.x averaged 5.15 highly/extremely critical flaws per month in the previous 12 months while IE6 averaged 2.6 highly/extremely critical flaws per month within the same time period. These less critical issues in IE7 and FF2 so far don't even register as remotely exploitable conditions.

Un logiciel libre n'est donc pas plus sur intrinsèquement qu'un logiciel propriétaire !

Par contre, la grande force du libre, c'est qu'une faille est corrigée plus rapidement une fois que celle-ci est découverte (voir le tableau à la fin du même billet ou les citations ci-dessous).

Dixit : "Security Fixes Come Faster With Mozilla"

Over the past year, Mozilla averaged about 21 days before it issued fixes for flaws in Firefox, compared with the 135 days it took for Microsoft to address problems

et

For at least 256 days last year, Internet Explorer contained unpatched vulnerabilities where the exploit method had been publicly disclosed but was not necessarily being used. By contrast, Firefox users were exposed to potential threats that might take advantage of publicly released exploit code for only 17 days. I could not find any public reports of viruses, spyware or worms using those exploits during the time that the Firefox vulnerabilities were unpatched.

Donc en terme de sécurité, un logiciel libre est moins vulnérable car les failles sont corrigées plus vite mais en aucun cas il est intrinsèquement plus sûr...