"Apple has displaced Oracle as the company with the most security vulnerabilities"

[Yazo]

Thought this was an interesting article....

Apple has displaced Oracle as the company with the most security vulnerabilities in its software, according to security company Secunia. Over the first half of 2010, Apple had more reported flaws than any other vendor. Microsoft retains its third-place spot. Secunia has tracked security vulnerabilities and issues advisories since 2002, producing periodic reports on the state of software. Together, the top ten vendors account for some 38% of all flaws reported.

Though this does not necessarily mean that Apple's software is the most insecure in practice—the report takes no consideration of the severity of the flaws—it points at a growing trend in the world of security flaws: the role of third-party software. Many of Apple's flaws are not in its operating system, Mac OS X, but rather in software like Safari, QuickTime, and iTunes. Vendors like Adobe (with Flash and Adobe Reader) and Oracle (with Java) are similarly responsible for many of the flaws being reported.

To illustrate this point, the report includes cumulative figures for the number of vulnerabilities found on a Windows PC with the 50 most widely-used programs. Five years ago, there were more first-party flaws (in Windows and Microsoft's other software) than third-party. Since about 2007, the balance shifted towards third-party programs. This year, third-party flaws are predicted to outnumber first-party flaws by two-to-one.

Secunia also makes a case that effectively updating this third-party software is much harder to do; whereas Microsoft's Windows Update and Microsoft Update systems will provide protection for around 35% of reported vulnerabilities, patching the remainder requires the use of 13 or more updating systems. Some vendors—Apple, Mozilla, and Google, for example—do have decent automatic update systems, but others require manual intervention by the user.


http://arstechnica.com/security/news...insecurity.ars

[bodybump]

Man Thanks for sharing Yaz!!! All they care is how to count those moneys in the bank...

[TheDude]

It's partly the culture of a closed system. Security is about open peer review. When you're closed and secretive, it's harder to vet the issues. To make matters worse, when issues are found, Apple covers its eyes "see no evil" style, and generally doesn't aggressively patch for security (or any other sort of issue).

Computing can be done safely on most any system though, but I'd say other OSes are now ahead in terms of proactive, simple patching and updating. Even my Linux systems are beyond simple in this regard.

[Ed Rooney]

Everything on the market is a massive security compromise. The best is when some neophyte says "I run such-and-such because it doesn't get viruses". Yeah, Ok.

[Paulie]

It's the top for "reported" security vulnerabilities on WINDOWS; Per the report. :)

It's the ones that are never reported that exist for years in multiple iterations of software that really scare me.