Mozilla: We're more secure than Microsoft

Even with increased popularity, the Firefox Web browser won't face as many security problems as Internet Explorer, according to the president of the Mozilla Foundation.

"There is nothing that will be perfect," said Mitchell Baker, president and chief lizard wrangler of the Mozilla Foundation, during a panel discussion at PC Forum in Scottsdale, Arizona.

Still, Firefox, developed by the Mozilla Foundation, won't harbour nearly as many security flaws as Microsoft's Internet Explorer does, and increasing popularity won't change that, Mitchell predicted.

Some critics challenge that assumption. Symantec chief executive officer John Thompson and other security executives have claimed that open-source programs will become more vulnerable as they pick up more users, because more hackers will be attracted to them.

Last month, Mozilla issued a major security update to fix several flaws, including one that would allow domain spoofing.

"There is this idea that market share alone will make you have more vulnerabilities," Baker said. "It is not relational at all."

Part of Firefox's better security profile comes from how it is developed, compared with Internet Explorer, she said. "Not being in the operating system is a phenomenal advantage for us," Baker said.

Another benefit, Baker said, comes from the fact that Firefox does not support ActiveX plug-ins. For years, some consumers and analysts have dinged Firefox because it couldn't run ActiveX.

"It turns out it is only less convenient until you get hacked," she said. "Then it becomes a disadvantage."

Mozilla is part of an industry effort to create an ActiveX alternative that would let plug-in applications such as Macromedia Flash run within the Web browser without the security risks associated with ActiveX. Others involved in that effort include browser makers Opera Software and Apple Computer, and plug-in makers Sun Microsystems, Macromedia and Adobe Systems.

In general, classic code flaws tend to be fairly easy to fix once they are found, she said. More difficult problems to guard against are the ones that exploit human behavior, like phishing.

"In some of these cases, the solution is very difficult to determine," she said. "There are some circumstances where the speed won't be as fast."

On another note, Baker added that the open-source movement still faces some growing pains. Large commercial customers are often not completely comfortable with open-source licensing, particularly because they are familiar with traditional licensing models.

She also said that new forms of public licenses are inevitable, as are conflicts and inconsistencies between different public licenses.

"If someone comes up with something, they have the right to determine the terms under which they give it away," she said.

CNET News.com reporter Paul Festa contributed to this report.


Talkback 1 comments

    Anonymous -- 24/03/05

    I find it sad to see such incompetent remarks from Symantec's CEO, if it is not put here out of context. Apache (with 70% market share, vs MS IIS with 23%) is good proof that having the most market share does not mean you are the most hacked / insecure.

    There are two simple facts, ignoring all other factors, that make Mozilla products inherently much more secure than Internet Explorer.

    -Mozilla does not support ActiveX.
    -Mozilla is not part of the OS (being part of the OS can take down the whole machine or give access to the whole computer through a browser bug).

    I know both facts were mentioned in the article, but it tells a lot about the competence of the security "expert" if they are ignorant of these facts and try to use MS's faulty market-share herring.
