Secunia: Apple software has the most holes

A new report shows that Apple has the most software vulnerabilities of all major software vendors, though it doesn't address severity or how fast holes get patched.

Dave Rosenberg Co-founder, MuleSource

A new report from security software provider Secunia shows that despite considerable security investments, the software industry at large is unable to produce software with substantially fewer vulnerabilities.

The latest data shows that Apple has surpassed Oracle and even Microsoft in accounting for the most software vulnerabilities, though the No. 1 ranking is related only to the number of vulnerabilities--not to how risky they are or how fast they get patched.

Figure: Makers of software with the most vulnerabilities (credit: Secunia)

This analysis also supports the general perception that a high market share correlates with a high number of vulnerabilities--with Apple (maker of iTunes and QuickTime), Microsoft (Windows, Internet Explorer), and Oracle's Sun Microsystems (Java) consistently occupying the top ranks during the last five years, along with Adobe Systems (Acrobat Reader, Flash), which joined the group in 2008.

Mac OS has remained relatively untouched by major viruses and hacking efforts in the past, as most ne'er-do-wells may have considered the operating system's market share and thus potential for private information less enticing than those of Microsoft's Windows. With the rise of Mac market share and the popularity of the iPhone, however, there is little doubt that Apple platforms will become major malware targets in the near future.

Highlights from the report:

  • Ten vendors, including Microsoft, Apple, Oracle, IBM, Adobe, and Cisco Systems, account, on average, for 38 percent of all vulnerabilities disclosed per year.
  • In the two years from 2007 to 2009, the number of vulnerabilities affecting a typical end-user PC almost doubled from 220 to 420, and based on the data of the first six months of 2010, the number is expected to almost double again in 2010, to 760.
  • During the first six months of 2010, 380 vulnerabilities, or 89 percent of the figure for all of 2009, had already been reported.
  • A typical end-user PC with 50 programs installed had 3.5 times more vulnerabilities in the 24 third-party programs installed than in the 26 Microsoft programs installed. It is expected that this ratio will increase to 4.4 in 2010.

While not particularly surprising, it's a bit depressing to think that the multibillion-dollar security software industry continues to be so easily thwarted by bad guys. If there is one positive takeaway from the report, it's that since 2005, there has been no significant upward or downward trend in the total number of vulnerabilities in the more than 29,000 products monitored by Secunia.

Maybe flat is the best we can hope for?