Surprise! Flash Is Not 2015's Most Insecure Software

[frogboy]

Content source

http://news.softpedia.com/news/surprise-flash-is-not-the-most-insecure-software-of-2015-498334.shtml

Flash ranks only 3rd in 2015's most vulnerable software list
Now that 2015 has officially ended let's take a retrospective look over what happened during the past year when it comes to critical or highly critical security vulnerabilities.

During the past 365 days, independent security researchers, cyber-security firms, and even the makers of various software themselves have reported security vulnerabilities, and when necessary, have asked for a CVE (Common Vulnerabilities and Exposures) identifier.

These CVE numbers are used to track security flaws across products and time, and if you hang around infosec circles long enough, you understand how crucial they can be to a security researcher's work.

Apple - the company with the most security bugs in 2015
According to CVE Details, a website that manages an inventory of security vulnerabilities based on their CVE identifiers, during 2015, the company for which the most new CVE numbers have been assigned was Apple.

Security researchers discovered 654 security flaws in Apple's products, 83 more security bugs than Microsoft's total of 571 vulnerabilities, the company that came in second.

Full article. Surprise! Flash Is Not 2015's Most Insecure Software

 

[upnorth]

Oracles CSO will probably not be a happy chappie.

 

[jamescv7]

Simply because the target for widely audience are sometimes adjusted plus mere fact that daily patches reduces future vulnerabilities as possible.

Considering to OS X that even though the kernel is Linux but many are discovered as future risks since not so many current attacks occur.

 

[marzametal]

I don't make use of any of the top 3... my brain is my own worst enemy... lol

 

[conceptualclarity]

What were Apple's worst? My only Apple things are QuickTime and ITunes, seldom used by me.

 

[Cats-4_Owners-2]

What were Apple's worst? My only Apple things are QuickTime and ITunes, seldom used by me.

conceptualclarity, my guess which was confirmed upon reading jamescv7's comments was Apple's Operating Systems were listed with the most vulnerabilities.
@jamescv7's words:

• "...even though the kernel is Linux but many are discovered as future risks since not so many current attacks occur."

...although I should read the whole article!

Edit: Done. James did read it first.

This is why Apple wins the booby prize.

• "As for software products, an Apple product won this title too, with the OS X operating system coming first with 384 security bugs, and iOS coming in second, with 375 bugs."

 

[upnorth]

Top 50 vendors is seen here : Top 50 vendors having highest number of cve security vulnerabilities in 2015

 

[Atlas147]

Well the look at the bright side, at least all the exploits were patched by the vendors when they were found.

 

[Tabeer]

If OS X and ios maintain their 1st and 2nd position in security bugs then I'm surprised why Apple claim that they have' best OS (security wise).

 

[Cats-4_Owners-2]

If OS X and ios maintain their 1st and 2nd position in security bugs then I'm surprised why Apple claim that they have' best OS (security wise).

Question: Does a greater number of vulnerabilities define an operating system as "less"
secure?

Answer: It depends...

• Yes, compromised = vulnerabilities are exploited &/or not patched in a timely way.
  
• No , secure = security holes are announced, repaired, & patched promptly through security updates.

Tabeer, similarly to many Antivirus software companies, Apple (among others) shall continue to claim they develop "The Best" (most secure) operating systems. What makes any OS most secure is You.

 

[LabZero]

Apple - the company with the most security bugs in 2015

Well, Apple is experimenting the same problems experienced by Microsoft a decade ago, when Windows was starting to be the target of massive attacks, underestimating the malware risk.

 

[DracusNarcrym]

And so we arrive to the most definite conclusion so far, regarding computer security:

Nothing is natively secure, and even after proper modifications and/or configuration, no one and nothing can guarantee total invincibility/invulnerability.

The most tested method for rendering an endpoint system ALMOST invulnerable is combined security layers AND safe computing habits.

- - -

It was about time Apple's vulnerabilities were given a chance to be made known to the general public.

 

[frogboy]

And so we arrive to the most definite conclusion so far, regarding computer security:

Nothing is natively secure, and even after proper modifications, no one and nothing can guarantee total invincibility/invulnerability.

The most tested method of rendering an endpoint system ALMOST invulnerable is combined security layers AND safe computing habits.

- - -

It was about time Apple's vulnerabilities were given a chance to be made known to the general public.

That is very well said my friend.

 

[jamescv7]

A simple logic, more vulnerabilities then more active in the development; as we all know everything were done on computers which never stops to improve. Cause that's one thing where users are interested for... And that's from the updates provided by developers as there may be something new that has been added or improved.