The goal of the project is to establish the global scale of web browser-based insecurity. For this we use both the major and minor version information of the user-agent string as reported by web browsers, and typically stored in web server logs. This information can be aggregated to the patch level of the user population, and correlated to the known release dates of security patches.
The data used to measure the worldwide vulnerable web browser population within each browser type was provided by Google, and is a subset of non-personally identifiable data accumulated by Google’s search and web application server logs from around the globe; processed daily between January 2007 and June 2008. With Google’s search queries coming from more than 75% of Internet web search users, our measurements of web browser proliferation are of a truly global scale.
A series of research papers emerged from the analysys of this formidable data set: