Just yesterday a report from security software provider Secunia rated Apple as the company with the most security vulnerabilities in its software, surpassing Oracle and even Microsoft. Secunia did clarify, however, that the report is not an indication of the individual vendors' security but rather a view of the industry as a whole. Factors like the level of severity or how fast a flaw gets patched didn't play a role in the ranking, which means that software from a company with more vulnerabilities is not necessarily less secure. Some highlights from the report:
- On average, 10 vendors are responsible for 38% of the vulnerabilities per year. Among those companies are Apple, Oracle, Microsoft, HP, Adobe, IBM, VMware, Cisco, Google, and Mozilla.
- From 2007 to 2009, the number of vulnerabilities affecting a typical end-user PC almost doubled from 220 to 420, and the number is expected to almost double again in 2010 to 760, based on data from the first six months.
- A typical end-user PC with 50 programs installed had 3.5 times more vulnerabilities in the 24 third-party programs installed than in the 26 Microsoft programs installed. It is expected that this ratio will increase to 4.4 in 2010.
Secunia's Half Year Report 2010 (PDF) also indicated that since 2005, there has been no significant upward or downward trend in the total number of vulnerabilities in the more than 29,000 products monitored by Secunia.