Google overtakes Microsoft in reported security vulnerabilities

[Ink]

There was bad news for Google in the security space on Monday after the company overtook arch rival Microsoft in having the largest number of reported vulnerabilities in its products, according to the latest quarterly Threat Roundup from Trend Micro.

Total reported vulnerabilities increased from 901 in the second quarter of 2011 to 990 in the third quarter, and Google's quota jumped from 65 to 82 to put the firm into the top spot ahead of Oracle and Microsoft.

The number of reported Microsoft vulnerabilities fell from 96 to 58, while Oracle saw a spike from 50 to 63, placing it in second place.

Trend Micro explained that the jump in Google security problems was caused mainly by the Chrome browser, but that none of the flaws in Chrome was as severe as those in Microsoft products.

"The increase in the number of attacks targeting Chrome may primarily be due to the browser's increasing use and popularity," the report said.

Source (V3.co.uk)

 

[WinAndLinuxTutorials]

"The increase in the number of attacks targeting Chrome may primarily be due to the browser's increasing use and popularity."

I am using Comodo Dragon. Does that mean I may be a victim of these attacks?

 

[Hungry Man]

1) Closed source vs Open source. This is like saying linux is less secure because we can see so many vulnerabilities - theyr'e out in the open.

2) Vulnerabilities doesn't mean a lot. There are different levels. Look at MS's and Google's. Chrome has tooooons of vulnerabilities (They pay users to find them!) but none of them break the sandbox.

3) As I said above, Google pays for vulnerabilities. There is far more incentive for me to find a vuln in Chrome than in IE9 because Chrome's gonna give me a few thousand dollars.

 

[Jack]

There is a difference between reported and exploited vulnerabilities ..... Google has a very good bounty program for vulnerabilities so everyone is always looking for bugs/flaws , but Google has also a very good 'patching' team so most of the reported bugs/flaws will be fixed.....I can't even remember when was the last time a important and widely use Google app. was hacked.... :shy:

 

[iPanik]

Wouldn't call it bad news necessarily. It just shows that their Get-Paid-To-Find-Bugs program actually works.

I do find it interesting/worrying that oracle is in second place. I am so glad that both my bank and tax systems use java applets. :dodgy:

 

[moonshine]

Google is actually faster than Microsoft in getting their vulnerabilities patched out so that's better.

 

[AyeAyeCaptain]

Not much more I can add to what "Hungry Man, Jack & BoXX" said... while Google may have more, they have a great way of dealing with it, and in turn resolve so much faster than Microsoft.

Anyway, just because something is not discovered does not mean it is not there, am sure a lot of so-called secure products have holes more than most but not yet found yet due to it been new code?? (maybe going bit out of my depth, on the whole code thing.. but educated guess for discussion).

 

[McLovin]

Google, Oracle less secure than Microsoft?

Google and Oracle have overtaken Microsoft as the vendors with the most vulnerabilities, according to Trend Micro's Third Quarter Threat Report.

Link: Read more.

 

[Hungry Man]

RE: Google, Oracle less secure than Microsoft?

Security is not about the number of vulnerabilities at all.

1) Chrome is open source and they pay for vulnerabilites to be found.

2) Chrome has only ever had 2 critical vulnerabilities - 1 of which was confirmed and the other has not been.

 

[McLovin]

RE: Google, Oracle less secure than Microsoft?

Security is not about the number of vulnerabilities at all.

1) Chrome is open source and they pay for vulnerabilites to be found.

2) Chrome has only ever had 2 critical vulnerabilities - 1 of which was confirmed and the other has not been.

Totally agree. Currently using Chrome and found it much more easier to use then Firefox.