Does market share really matter in security?
Posted by Ian S. Nelson Thu, 01 Mar 2007 15:41:00 GMT
I've been too busy doing other things the last few months to post much. I haven't seen this issue really addressed anywhere, but it's mentioned from time to time. It's kind of a quick rationalization, and it definitely has some appeal to some form of logic.
At a glance, it makes logical sense. The difference between the best engineers and the worst isn't that great (in the grand scheme of things), and the top products are usually built by good engineers who tend to converge on the same quality level. So if the engineers are of about the same quality, then their output should have roughly the same number of defects, provided that they are using similar technologies and tools. Further, the more popular product will have more eyes looking at it, and so more problems will be found.
The popular context for this would be Windows vs. OS X. Is OS X any more secure than Windows? Or is it just attacked less often? Well, what about OpenBSD? If it were as popular as Linux, would it have the same number of security problems? I tend not to think so.
