Software with the most vulnerabilities in the past year

I came across these lists while reading my email and thought they were interesting. Looks like IE is not so much the villain any more.

Oh, it also said that the company with the most vulnerabilities in its products for the past year was------ Apple


Well, seems my beloved Firefox needs layered defense of other programs to survive :wink:

Well, now I have a reason to switch to Opera.

May I offer a grain of salt to wash down this annual news flash. 88)

Please read and carefully consider the second paragraph. (attached image)

This happens every time this report comes out.

Things to consider that don’t show in these numbers.
Market Share/Scrutiny, Severity, Vendor waffling (taking forever to even acknowledge, let alone patch)

Consider 2 similar software.
The vendor who is more aggressive and open about acknowledging and patching comes out looking the worse… go figure ???



> The vendor who is more aggressive and open about acknowledging and patching comes out looking the worse... go figure

I couldn't agree more :-TU

That doesn’t matter, all it’s showing is what programs had the most vulnerabilities discovered in the last year. Firefox also led the list in 2008.

At the same time, the same site (Secunia) makes the following reports for 2009:

| Software | Advisories | Vulnerabilities | Unpatched |
|---|---|---|---|
| FF 3.5 | 79 | 11 | 1 |
| IE8 | 49 | 13 | 4 |
| IE7 | 129 | 45 | 10 |
| Opera 10 | 8 | 16 | 0 |
| Opera 9 | 25 | 56 | 1 (moderately critical) |

As usual, Secunia warns that these summaries are global, do not account for third-party protection, but account for cross-platforms (Linux, Mac…).

Moreover, the release dates of the said software are as follows:

FF 3.5 Jun 30 2009
IE 8 March 19 2009
Opera 10 Sept 01 2009

We therefore don’t know what version of what browser was tested, as none of them covers the full 2009 year, and we won’t of course speak of hypothetical vulnerabilities (some of them affect very specific use of the browser and do not concern every user).

IE 8 has been a real (and the first) progress in terms of security in the IE world.
Nevertheless, every software has vulnerabilities to be discovered and sometimes exploited, and one thus cannot agree to the statement that what is relevant is the someday’s count of vulnerabilities, whereas it actually is the count of unpatched vulnerabilities.

Actually a little snippet of information out of context and without citation has little to no value, and could be seen at worst as spreading FUD that would lead people to draw all kinds of misguided conclusions.

or even copyright infringement.

So here is (attached) the complete Secunia_Half_Year_Report_2010 from

Sure the info may be factual but what it really means is far from evident, as it was presented.
See the second paragraph in the pic attached to my post above.



The entire report really doesn’t tell you much more than the tables do. Basically, 3rd party programs now account for the majority of security risks of all levels of criticality. IE has always been singled out as being the single biggest offender but it seems that is no longer true. It pretty much shows that the pond ■■■■ can hack anything they set their minds to.

Agree. The more market share the others gain, the more attacks they will suffer. But, we know that some software are security oriented and others not (or not that much). Development is not easy in this field as exploits and vulnerabilities increase very much. Hope they win the fight. Anyway, layered security helps a lot and reduces the possibilities of these vulnerabilities in daily computer usage.

When I read the second paragraph it seems to me the makers themselves think they are not doing a proper job…:wink:

and that the numbers doesn't reflect the rating of the vulnerabilities, the type of vulnerabilities, type of coding errors, ability to respond to the reports, and many other factors which may be relevant in a proper comparison.

The marketshare is not the only argument in attack frequency.

Everyone knows that IE started to only think of security concerns starting with IE7, and mainly IE8, while the marketshare had not drastically changed due to mature versions of Firefox and Opera, but because the image of IE and Microsoft was getting very negative because of this lack of security.

The global Linux marketshare is still very low, but Linux remains naturally better protected than Windows, notably due to superuser privileges.

I also think with EricJH that this periodic “state of the art” of vulnerabilities does not make much sense, not only because of the methodology itself, but by nature: what seems to be relevant (and also is reported by Secunia) is the cumulative number of unpatched vulnerabilities for a given version of some software at a given time, not even speaking of the severity of such vulnerabilities and of their pertinence to all users (some need for that user to use a particular service of the said software).

UAC will work the same as sudo… I mean, superuser privileges could be gained in both OS. I mean, it’s not the only factor that makes Linux more secure. The market share has its rules here also… besides the technical issues.

Fully agree.

There’s no UAC in Windows XP, Tech (and still less in Windows 2000, although 2000 was relatively secured for not integrating like XP a bunch of multimedia software).

Now, speaking of debatable statistics, there must most certainly be some by Windows OS, but I am afraid they won’t make much sense either, as they wouldn’t account for e.g. third-party software and type of internet connection.

I know that and XP has a lot of market share, but, anyway, life goes on with Vista… 7…

I'm sorry if I'm asking the wrong thing, but why is the vendor for Google Chrome ADOBE :o