Cybersecurity

New report: Apple software has the most vulnerabilities

Published 26 July 2010

The usual suspects lead the list of software makers whose software comes with the most vulnerabilities — Apple, Microsoft, Oracle, and Adobe; a new vulnerabilities report offers support to the notion that a high market share correlates with a high number of vulnerabilities

The software industry has invested a lot of money to produce software with fewer vulnerabilities, but a new report from security software provider Secunia shows that these efforts have yet to bear fruit.

Dave Rosenberg writes that the latest data shows that Apple has surpassed Oracle and even Microsoft in accounting for the most software vulnerabilities, though the No. 1 ranking is related only to the number of vulnerabilities — not to how risky they are or how fast they get patched.

Rosenberg notes that the report offers support to the notion that a high market share correlates with a high number of vulnerabilities. This appears to be the reason why Apple (maker of iTunes and QuickTime), Microsoft (Windows, Internet Explorer), and Oracle’s Sun Microsystems (Java) have consistently occupied the top ranks during the last five years, with Adobe Systems (Acrobat Reader, Flash) joining the group in 2008.

Since Mac OS accounts for only a small share of the market, hackers have largely stayed away from it, probably figuring that attacking it to obtain lucrative private information would be less rewarding than attacking Windows-based systems.

Highlights from the report:

  • Ten vendors, including Microsoft, Apple, Oracle, IBM, Adobe, and Cisco Systems, account, on average, for 38 percent of all vulnerabilities disclosed per year.
  • In the two years from 2007 to 2009, the number of vulnerabilities affecting a typical end-user PC almost doubled from 220 to 420, and based on the data of the first six months of 2010, the number is expected to almost double again in 2010, to 760.
  • During the first six months of 2010, 380 vulnerabilities, or 89 percent of the figure for all of 2009, had already been reported.
  • A typical end-user PC with 50 programs installed had 3.5 times more vulnerabilities in the 24 third-party programs installed than in the 26 Microsoft programs installed. It is expected that this ratio will increase to 4.4 in 2010.

“While not particularly surprising, it’s a bit depressing to think that the multibillion-dollar security software industry continues to be so easily thwarted by bad guys. If there is one positive takeaway from the report, it’s that since 2005, there has been no significant upward or downward trend in the total number of vulnerabilities in the more than 29,000 products monitored by Secunia,” Rosenberg concludes.