Slashdot Mirror

← Back to Stories (view on slashdot.org)

Android Was 2016's Most Vulnerable Product, Oracle the (bleepingcomputer.com)

Posted by msmash on from the state-of-the-art dept.

An anonymous reader writes: According to CVE Details, a website that aggregates historical data on security bugs that have received a CVE identifier, during 2016, security researchers have discovered and reported 523 security bugs in Google's Android OS, winner by far of this "award." The rest of the top 10 is made up by Debian (319 bugs), Ubuntu (278 bugs), Adobe Flash Player (266 bugs), openSUSE Leap (259 bugs), openSUSE (228 bugs), Adobe Acrobat DC (227 bugs), Adobe Acrobat Reader DC (227 bugs), Adobe Acrobat (224 bugs), and the Linux Kernel (216 bugs).

When it comes to software vendors, the company for which the largest number of new CVE numbers have been assigned was Oracle, with a whopping 798 CVEs, who edged out Google (698 bugs), Adobe (548 bugs), Microsoft (492 bugs), Novell (394), IBM (382 bugs), Cisco (353 bugs), Apple (324 bugs), Debian Project (320 bugs), and Canonical (280 bugs).

5 of 147 comments (clear)

  1. Number of bugs is hardly a valuable metric here... by Anonymous Coward · · Score: 5, Insightful

    The number of bugs opened with a given software product says very little about how "vulnerable" the product may be. The most ubiquitous (widely-deployed) products are bound to be subject to the greatest number of "bug reports" (CVEs), by virtue of the fact that they are "under the microscope" and so broadly used. It is no coincidence that the most bug reports have been filed for the most popular software products.

  2. commentsubject by Falos · · Score: 3, Insightful

    Oh boy a point metrics ranking list highscore chart golf game.

    Security bug 1) Erroneous password entry reveals critical details in the rejection prompt, like the confirmed existence of an account name.
    Security bug 2) Throwing in a parentheses and semicolon allows mass queries and a full DB dump of cleartext passwords.

    One point each, equally vulnerable.

  3. Re:That's interesting by Anonymous Coward · · Score: 2, Insightful

    Ask Achilles how that works out.

  4. Apples and oranges by GuB-42 · · Score: 3, Insightful

    They put the linux kernel, linux distos, Android and apps in the same list.
    Android and linux distros contain the linux kernel
    There isn't much to linux distros besides testing and maintenance, there are mostly a collection of third-party software.

    So, for example, is a bug in the linux kernel also a bug in Ubuntu? Is is still a but if there is some kind of mitigation in place?

  5. Apples vs. Oranges by RealGene · · Score: 4, Insightful

    Comparing an operating system to Acrobat Reader? The real question is, why should a text rendering application have half as many bugs as an entire OS?

    --
    Mission: To provide products that consume time and energy as entertainingly as permitted by the laws of thermodynamics.