Apple tops operating system, Microsoft application vulnerability chart
If you had to guess the operating system with the highest number of reported vulnerabilities, which would you pick? I guess it is fairly certain that the majority would pick Windows 7 or Windows in general but that is not the case, at least not when you grab data from the 2014 NVD database.
According to the database, or more precisely Christian Florian over at the GFI Blog who analyzed the data, Apple's Mac OS X operating system tops the chart with 147 reported vulnerabilities of which 64 had a severity of high and 67 one of medium.
The second place goes to the company's iOS operating system and 127 reported vulnerabilities, and the third to the Linux Kernel with 119 vulnerabilities.
And Windows? Makes up all the remaining seven places in the top ten list lead by Microsoft Windows Server 2008 with 38 reported vulnerabilities.
It is somewhat surprising to see Windows not making top spot in that list. Windows editions are however listed individually while Mac OS X, Linux and iOS are not.
Microsoft's Internet Explorer tops the application vulnerability chart by a large margin. A total of 242 vulnerabilities were reported for the Internet browser with 220 of them with a severity of high.
Google Chrome in second and Mozilla Firefox in third place are listed before Java and Adobe Flash Player.
It would have made sense to list different application versions here for all programs as well in a separate chart to make more sense of the data.
What is definitely missing is how long it took each company on average to fix high, medium and low vulnerabilities reported for its products.
As far as overall stats are concerned: the number of reported vulnerabilities rose from 4794 in 2013 to 7038 in 2014, a huge jump. Vulnerabilities with a high severity rating increased as well from 1612 to 1705 in total.
If you check the data, it becomes obvious that things don't add up. Just a check of all security bulletins released by Microsoft in 2014 alone shows a higher number than what is reported in the chart for the operating system.
What's your take on the data? True representation or missing information that would paint a different picture if included?Advertisement