Interview with Christen Krogh, Opera Software's VP of Engineering
by Mirko Zorz - Monday, 13 August 2007.
Christen Krogh is responsible for all software development at Opera. Krogh received his bachelor's degree in computer science from Glasgow University and his Ph.D from the University of Oslo.

What is Opera's market share? How many users?

Market share is a difficult number to measure and different companies use different methods and track different websites, so a true and accurate representation is almost impossible. Our numbers though are more interesting: we have between 10 and 15 million users of the desktop browser, more than 10 million cumulative Opera Mini users, come pre-installed on more than 40 million mobile phones and are available to anyone using Nintendo Wii or Nintendo DS.

In your opinion, what are Opera's strengths when it comes to security?

Our strength is that we take it really really serious. We have an excellent Q&A team that tests the browser versions prior to release, both manually, and automatically. We even have a group of skilled experts who call themselves "Evil Knights" working at finding holes and issues prior to launch.

Second, we try to develop our product in such a way that it helps the end users to browse safely. Our advanced Fraud Protection is one example of such a feature. Thirdly, whenever something comes up as a security issue after we have launched a product it takes first priority. We aim to never let a security issue stay unpatched.

Does Opera use technology that makes it stand out from other browsers?

For us, security is largely about architecture, process, and user interface. Architecturally, we might be less prone to certain issues, due to the fact that we have a self-contained browser application with few necessary dependencies to the underlying platform. Process-wise, we might test more diversly than the competition, due to the fact that we release our products on the largest amount of different platforms. Regarding user interfaces, it has always been a design goal never to mislead the user that they are in a safe environment when they aren't.

Do you believe that you are more secure than other available browsers?

Security can be classified in several ways. Security is a function of architecture, process (including QA), and design (including user interface). For the lay person, however, security is measured largely by statistics:

1) how many issues

2) how long (on average) did it take to release a QA'ed version with a patch (as opposed to how long did it take to have a suggested code change which is not Q&A'ed)

3) how many issues are unpatched (at any one time)

4) the severity of an issue.

The only way of evaluating this is to cf with an independent advisory organization such as According to their independent analysis, we have a superior track record, of which we are very proud and work hard to maintain.

How many security issues have you patched in 2006?

According to, Opera 9 had two known security vulnerabilities in 2006, both were patched. In 2006, Opera 8 had two reported vulnerabilities, both were patched.

What has been your average response time to a reported critical vulnerability?

If reported correctly with sufficient details in the report, it is usually less than 24 hours.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Mon, Feb 8th