Over the past few months, I have been working on a team of four on a Browser Security white paper. Specifically, we collected, analyzed and summarized all potentially relevant information related to browser security.
Our target audience is IT managers and security experts who want to decide which browser to deploy on their networks for their employees to use. The paper should help them make an informed decision about which browser is best suited for their specific needs and protects them best against the specific risks they face.
We looked at Microsoft Internet Explorer and Edge, as well as Google Chrome, as these three are the most likely choices for our target audience. We would have liked to include other browsers but time and budget constraints unfortunately meant we had to keep the list short: you would not believe the amount of time we needed to go through all security features that modern web browsers implement, and analyze the many, many features they have for potential security risks.
Perhaps obviously, we found that modern browsers have a lot more security technologies built in than they used to, but that they also have a lot more "surface area". New security technologies and web features are introduced regularly. Implementing each one adds more code that can potentially mitigate security issues or introduce security vulnerabilities. We found both Microsoft Edge and Google Chrome to have state-of-the-art security, while Microsoft Internet Explorer lagged behind these two. In our opinion, Google Chrome is slightly more secure overall, but I encourage you to have a look at the data and decide for yourself. After all, the best choice for your organisation depends highly on your personal needs and risks.
This project was run by x41, and headed by my good friend Markus Vervier. I really enjoyed this opportunity to work with a team of people who were very skilled in various areas of computer security. We hit that sweet spot where every team member has unique knowledge and skills that, when combined, covered every aspect of this project.
The project was sponsored by Google, who generously accepted our proposal to write this paper and let us work on our terms, did not interfere with our process and did not attempt to influence our conclusions.
If you are interested in setting up a similar project and want to hire me or a team of security researchers to thoroughly analyze the security of one or more software products, you can email me or contact x41.
You can download a copy of our white paper from the x41 website at: