On Web Browser Security

This week two news about web browser security got my attention.

First of all, the CanSecWest’s Pwn2Own contest ended with a complete debacle for all web browsers (for example see here for a summary). Only Chrome OS has survived untouched. I interpret this more as an indication of the poor security state of the web browsers than the (undeniable) ability of the participants. From the implementation point of view, the security of our web browsers is not great at all, and this notwithstanding all what has happened in the last years.

From the strategic point of view, the participants to this ACM panel discussion state very clearly that the security of Web Browsers is broken by design, which just confirms the very sorry state of affairs in which we are. Even more, they claim that there is little if no incentive to improve the situation.

And it is no joke that our lifes daily depend more and more on web browsers, from banking to health, work, education etc.