According to secunia.org, Opera 9 had two known security vulnerabilities in 2006, both were patched. In 2006, Opera 8 had two reported vulnerabilities, both were patched.
What has been your average response time to a reported critical vulnerability?
If reported correctly with sufficient details in the report, it is usually less than 24 hours.
Do you believe that your level of security would drop if you managed to get a quite larger portion of the market?
No. I dont think so. Recall the distinction between principalled security and the lay persons perception. Our principalled security will be at least as good with higher market share. The amount of attacks directed at Opera only might increase, but it is important to remember that almost all attacks are tried out on all the main browsers. Thus the net result of even more attacks will most likely not be significant. What *will* be significant, however, is that the overall security level of end users browsing will be better if Opera gets a larger market share - due to the facts discussed above.
What's your take on the full disclosure of vulnerabilities?
We prefer that reporters contact vendors prior to disclosing a vulnerability in order to ensure that the impact on innocent bystanders (i.e. end users) is as minimal as possible. When there is a patch available from a vendor, we understand and respect that some reporters want to disclose their findings to the community.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.