Windows, OS X, and iOS Top 2015's List of Software With the Most Vulnerabilities (venturebeat.com)
An anonymous reader writes: Which software had the most publicly disclosed vulnerabilities in 2015? According to a site called CVE Details, which organizes data provided by the National Vulnerability Database, Apple's Mac OS X was near the top, with 384 vulnerabilities. iOS followed closely, with 375 vulnerabilities. The list splits out Windows into its separate versions, so it's hard to get an accurate count — simply adding them all together yields a total of over 1,000, but there are likely many duplicates. Other top spots went to Adobe's Flash Player, with 314 vulnerabilities; Adobe's AIR SDK, with 246 vulnerabilities; and Adobe AIR itself, also with 246 vulnerabilities. The four major web browsers also ranked quite highly.
Why would you add different versions of Windows together if you're not adding different versions of iOS or Linux together? Bash Microsoft all you want, sure, but hold them to the SAME standard as the rest, not a far harsher one.
-=This sig has nothing to do with my comment. Move along now=-
Maybe because Android isn't nearly as bad as people make out. It's actually got a pretty robust security system so vulnerabilities tend to be rather useless anyway, and there is less value in looking for them. Apple is more reliant on preventing malware through the app store, while at the same time more people are looking for flaws because it's more profitable (e.g. jailbreaks).
You know you are doing badly when you have more vulnerabilities than Flash, which is a major target and extremely badly written.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
In support of @Rosyna's comment: An interesting and relevant anecdote about not thinking through what the evidence tells us: During WWII the Allies were losing a lot of bombers to German anti-aircraft defences. They brought in a bunch of statisticians and analysts to work out how to bring that number of bombers shot down, down. They looked at the damaged bombers that had returned to see where they were getting hit and decided to armour those places. Big mistake... why? Well, someone pointed out that those were the bombers that weren't actually shot down and that they should do precisely the opposite and armour the areas that didn't get shot full of holes - the planes that got shot there were the ones that weren't coming back. The new policy was a big success.
So yes, the software projects that report the most vulnerabilities may be the ones that are working hardest to make their software more secure and may also be more open about it, thereby inviting more vulnerability reporting by independent 3rd parties too.
tl;dr - Lots of publicly reported bugs may be a good thing! :) (As long as they're being patched, of course).