Slashdot Mirror


Android Was 2016's Most Vulnerable Product, Oracle the (bleepingcomputer.com)

An anonymous reader writes: According to CVE Details, a website that aggregates historical data on security bugs that have received a CVE identifier, during 2016, security researchers have discovered and reported 523 security bugs in Google's Android OS, winner by far of this "award." The rest of the top 10 is made up by Debian (319 bugs), Ubuntu (278 bugs), Adobe Flash Player (266 bugs), openSUSE Leap (259 bugs), openSUSE (228 bugs), Adobe Acrobat DC (227 bugs), Adobe Acrobat Reader DC (227 bugs), Adobe Acrobat (224 bugs), and the Linux Kernel (216 bugs).

When it comes to software vendors, the company for which the largest number of new CVE numbers have been assigned was Oracle, with a whopping 798 CVEs, who edged out Google (698 bugs), Adobe (548 bugs), Microsoft (492 bugs), Novell (394), IBM (382 bugs), Cisco (353 bugs), Apple (324 bugs), Debian Project (320 bugs), and Canonical (280 bugs).

3 of 147 comments

  1. The counting fiasco by Anonymous Coward · Score: 4, Interesting

    You know, when you read that had XXX CVEs on year 2016, you kinda expect those CVEs are about that latest stable release for in Ubuntu, Fedora, Debian, RedHat, etc.

    Not so in this report. You'll ALSO get CVEs that are relevant only to older versions of the distro added to that distro's 2016 count in this report (RTFA and check it!). They didn't restrict it to the current [in 2016] stable version of the distro/product.

    As far as I am concerned, this report is irrelevant, because you can't really get any real-world use of it other than deceptive marketing (either pro or contra).

  2. Adobe: Truly solid products by MobyDisk · Score: 5, Interesting

    A document viewer had as many vulnerabilities as AN ENTIRE OPERATING SYSTEM.

  3. Re:Number of bugs is hardly a valuable metric here by Anonymous Coward · Score: 3, Interesting

    Larger more complex products have more bugs.
    Products with larger user bases discover more bugs.

    What we are measuring here is the largest most used products.

    I believe that means that 2016 was the year of the Ubuntu and Debian desktop! (and to a lesser extent openSUSE)

    Though I find the whole thing suspect when Adobe has 904 bugs across 4 products in the top 10 but only 548 total.