Sourcefire's report on 25 years of vulnerabilities also tackles what it acknowledges as a "controversial topic": reviewing vulnerabilities by vendor and open-source software grouping.
According to the report's analysis, the "10 worst offenders" from top down were: Microsoft; Apple; Oracle; IBM; Sun (acquired by Oracle); Cisco; Mozilla; Linux; HP; Adobe. When the rankings are limited to just high-severity vulnerabilities, the list is similar, with Microsoft at the top, Google added into the group and "Linux" dropped.
Sourcefire acknowledges that some may argue with its analysis here. The "Linux kernel" had the most CVEs reported for it at 937, but the "various iterations of Windows are considered different products, while Linux is considered a single product and Mac OS X are considered three products, which further skews the data." But Sourcefire says by combining the CVEs for all versions of Windows except the mobile ones, Windows is pinned with 1,114 vulnerabilities. Doing something similar for Linux as it did for Windows by adding CVEs assigned to major vendors like Ubuntu and Red Hat, the Linux count goes to 1,752 vulnerabilities. Mac OS comes out at a total of 827.
For high-severity vulnerabilities, the product Windows XP earns the dubious position of the No. 1 spot. "What's also interesting here is that of the top four browsers that have a total of 90% of the browser market share, Firefox has the most vulnerabilities in every category, followed by Chrome, then Internet Explorer and finally Safari," the report concludes.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: firstname.lastname@example.org.