According to a recently published report from GFI Network and Security Solutions, based on data gathered from the US National Vulnerability Database (NVD), Windows is not the most vulnerable operating system. Which is? Read on to find out.
GFI reports an increase of just over 60% in overall vulnerabilities between 2010 and 2014 – the total for 2014 amounting to 19 vulnerabilities identified per day every day:
I don’t think anyone will be overly surprised with confirmation that overall numbers of vulnerabilities are on the increase, however, I’m not sure if that means software developers/vendors are distributing less secure software these days or maybe getting better at identifying these flaws.
This next graph, showing vulnerabilities by product type, might raise a few eyebrows:
So, it seems the third party software we all love to install accounts for the lions share of vulnerabilities, far outstripping those found in operating systems. Food for thought there.
Here is the biggest surprise of all, showing numbers of vulnerabilities broken down per operating system:
Shock, horror!! Apple topping the list as the most vulnerable operating system, with Linux right up there too, who’d have thunk!
Before anyone gets in a tiz; it’s obvious that the Windows statistics have been separated per version while both Apple and Linux have each been treated as a single entity. Why that might be is anyone’s guess, perhaps the Windows vulnerabilities are specific to each edition and not shared across versions. Then again, maybe whoever collated the data might have ultimately been looking for a headline… hmm, maybe.
The numbers do, however, help show that security by obscurity certainly plays a part in the exploitation stakes and when it comes down to the nitty gritty, all operating systems are inherently vulnerable.
The final graph shows vulnerabilities by application which, as mentioned earlier, account for 83% of all vulnerabilities:
No surprise then to see browsers topping the list, in fact the top half dozen applications are all internet related. Then again, perhaps these types of applications, which are most susceptible, should also be the most secure?
No surprise either to see our old friend Adobe well represented, but the Apple TV app included in the list at number 9 is a bit of a shock. What’s going on there Judy? 🙂