Which software vendor has the most reported vulnerabilities? You might be surprised....

Secunia's Half Year Report 2010 has some results that surprised me, and I'm sure it'll surprise many others. Microsoft historically used to get beaten up a lot about security vulnerabilities and Apple and their fanbois love to say that PCs get more viruses than Macs. Well, this report has some surprising results.

So, which vendor has the most security vulnerabilities?

Apple.

Yep, that's right, Apple. and they were in second place 2007-2009.

Oracle was in top place from 2007-2009 but got lea-frogged by Apple in 2010.

Microsoft is in 3rd place 2007+

The big mover and shaker in this chart?

Adobe.

Adobe didn't even feature until 2008 (10th place) and have jumped up to 5th place in 2 years.

The report makes for some interesting reading and should dispel a few urban myths.

https://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf

Comments

• Anonymous
  January 01, 2003
  My best guess is that since 2006 we've released a LOT of new versions of all the major products (for many, 2 major releases) plus the 2003-era products are still in support lifecycle therefore we are still releasing security updates for them. As such, it doesn't surprise me that overal we're seeing more updates being released. The more important statistic for mine is whether we are seeing less vulnerabilities/updates being released with each new major version of the product. My understanding is that this is the case, and obviously part of the value proposition of moving to the latest versions of our products :)

• Anonymous
  July 23, 2010
  Hi, what I found interesting is, that Microsoft is since 2006 on 3rd place. Even with all the improvements in security in their products there are not less vulnerabilities per year? Just curious.... Peter Forster, MVP Virtual Machine, Austria