
Security

Browser Standards

Definition: Browser security is a result of excellent design, quick response, and user communication.

Measurable Evaluation Criteria: A browser's track record is based not on the number of exploitable bugs found, but on how quickly the vendor or support community responds with fixes. It is also important that users are informed of the need to update, and that they are able to do so easily. Certainly, secure design plays a part. Some browser vendors have decided to add functionality beyond published web standards, for ease of use, that violates secure design concepts.


Considerations:

There has been much confusion regarding browser security lately. The press seems to pounce on any announcement regarding a security flaw found in particular browsers, often blowing the risk way out of proportion. However, this is natural in a world where ecommerce flourishes. The key factor in browser security is in actually finding security flaws and then correcting them in a quick and proper manner. Excluding design considerations, each bug found and fixed, in theory, should make that browser more secure.

Obviously, if users don't actually apply security updates to their browsers, then their security is compromised. This is why it's important that users are notified of security updates, and that the security updates are easy to install.

Design issues are a bit difficult to evaluate. However, there is an overriding security concept: security will always be at odds with convenience. The key is to strike a balance between usability and lockdown. Clearly, the most dangerous browser security exploits have been caused by browsers with close ties to the operating system, because they have greater privileges to execute code on the host.