The recent furore over the Code Red virus has highlighted concerns about software that constantly requires patches and software updates.
The CW360 survey revealed that the top four web servers, namely Apache, Microsoft IIS, Netscape iPlanet and Zeus Webserver, displayed a wide variation in the number of patches and updates issued.
Microsoft was the most "patchy" of the four, issuing more than 50 patches over the past year for its IIS web server.
Apache, with its open source pedigree, clocked up nearly 34 patches or upgrades in the last year, while iPlanet, formerly Netscape, issued six version upgrades to its web server software. With just three upgrades or patches in the last year, Zeus emerged as the least maintenance-intensive web server.
Andrew Parker, technical director at Zeus, said, "We have designed Zeus from the ground up and we are the only company that just does web servers and nothing else. Sometimes, other companies try to combine applications together or add on unnecessary features to already oversized web servers and this can often lead to lots of patches or quick fixes that don't really address the inherent problems of the software."
Although IIS required the most patches, Microsoft's Mark Tennant, UK product manager for Windows server software, argued, "We provide a lot more functionality than other web servers and this is highly integrated with the operating system."
Tennant believes that it's often a case of damned if you do and damned if you don't. "We have to respond to any problems our customers find and produce fixes that meet their business needs. If we didn't, we would be criticised for not doing our job," he said.