Which Company Is Linked to the Highest Number of Vulnerabilities?

  • A vulnerabilities database logging data for the past decade gives an idea of how software development and maintenance work.
  • Linux and open-source products account for the most vulnerabilities among products, while big tech firms top the vendor list.

Researchers of the Comparitech team have dug deep into the “CVE Details” database, analyzing data from 1999 to 2019. The source contains over 64,000 logged flaws for 50 vendors and 73,000 across 50 products. So, which vendor and which product top the lists, and what does this mean exactly for their security?

Counting from 1999 to 2019, Microsoft sits at the top with 6,700 vulnerabilities, Oracle is second with 5,500, and IBM is third with 4,600. Google, Apple, and Cisco follow closely behind, while the rest of the list mostly concerns Linux and open-source projects in general.

Source: Comparitech blog

Debian had a spike in vulnerability reports in 2018, logging a whopping 1,200; 2018 was also the record-breaking year overall, with a total increase of 19.3% compared to 2017.

As for the products with the most distinct vulnerabilities, Debian Linux comes first, Android second, and the Linux kernel third. Windows 7, Windows 10, Windows Server 2008, Firefox, Mac OS X, Ubuntu, Chrome, and iOS follow right after.
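The figures above are distinct-CVE counts per vendor, per product and per year, and the product total (73,000) exceeds the vendor total (64,000) because one CVE that affects several products of a vendor is counted once for each product but only once for the vendor. The following Python is an added example, not code from Comparitech or CVE Details; it tallies constructed sample records with placeholder CVE ids (no real entries) to show that double-counting effect and the year-over-year percentage calculation used for the 2017 to 2018 comparison.

```python
"""Tally distinct CVE ids per vendor, per product and per year.

Added example with constructed sample data; the CVE ids, vendor and
product names below are placeholders, not real database entries.
"""
from collections import defaultdict

# Constructed sample: one row per (cve_id, vendor, product, year).
# A CVE that affects several products of one vendor appears once per product.
SAMPLE_RECORDS = [
    ("CVE-2017-0001", "examplecorp", "os-7", 2017),
    ("CVE-2017-0001", "examplecorp", "os-10", 2017),
    ("CVE-2017-0002", "examplecorp", "os-10", 2017),
    ("CVE-2017-0003", "otherorg", "kernel", 2017),
    ("CVE-2018-0004", "examplecorp", "os-7", 2018),
    ("CVE-2018-0004", "examplecorp", "os-10", 2018),
    ("CVE-2018-0004", "examplecorp", "server-2008", 2018),
    ("CVE-2018-0005", "otherorg", "kernel", 2018),
    ("CVE-2018-0006", "otherorg", "distro", 2018),
    ("CVE-2018-0007", "otherorg", "distro", 2018),
]


def distinct_per_vendor(records):
    """Distinct CVE ids per vendor: a CVE listed under three products of
    the same vendor counts once for that vendor."""
    seen = defaultdict(set)
    for cve_id, vendor, _product, _year in records:
        seen[vendor].add(cve_id)
    return {vendor: len(ids) for vendor, ids in seen.items()}


def distinct_per_product(records):
    """Distinct CVE ids per (vendor, product) pair."""
    seen = defaultdict(set)
    for cve_id, vendor, product, _year in records:
        seen[(vendor, product)].add(cve_id)
    return {key: len(ids) for key, ids in seen.items()}


def distinct_per_year(records):
    """Distinct CVE ids per year across all vendors and products."""
    seen = defaultdict(set)
    for cve_id, _vendor, _product, year in records:
        seen[year].add(cve_id)
    return {year: len(ids) for year, ids in seen.items()}


def yoy_change_percent(per_year, year):
    """Percentage change in distinct CVEs from the previous year to `year`,
    rounded to one decimal; None when there is no previous-year baseline."""
    prev = per_year.get(year - 1, 0)
    cur = per_year.get(year, 0)
    if prev == 0:
        return None
    return round((cur - prev) / prev * 100, 1)


if __name__ == "__main__":
    vendors = distinct_per_vendor(SAMPLE_RECORDS)
    products = distinct_per_product(SAMPLE_RECORDS)
    years = distinct_per_year(SAMPLE_RECORDS)
    print("per vendor :", vendors)
    print("per product:", products)
    # Summing product counts overstates the vendor totals, as in the article.
    print("vendor total", sum(vendors.values()), "vs product total", sum(products.values()))
    print("2018 change vs 2017: %s%%" % yoy_change_percent(years, 2018))
```

With the sample data, the vendor totals add up to 7 while the product totals add up to 10, which is the same kind of gap as the 64,000 versus 73,000 figures in the study. When reproducing such rankings, always state which of the two tallies a number refers to.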

Source: Comparitech blog

So, does this mean that Debian Linux is extremely insecure and exposed to a wide range of exploitation? The answer is “not necessarily.” Finding and reporting bugs is a key step in securing a product, as you can’t fix what remains undiscovered.

Certainly, a large number of flaws in a codebase can indicate that its developers were not careful enough or did not give security much consideration while writing it, but that cannot be determined from these statistics alone.

In Linux and open-source software, bugs are often introduced through code and commits from a large number of contributors, and it’s hard to scrutinize them all properly. Many of those reviewing the contributions are volunteers, so a lot can slip through.

On the other hand, open-source projects get a lot of help from user reports, as their users are generally more tech-savvy. The “free software” user base is more inclined to tinker with things, more capable of discovering flaws, and fully aware of the importance of reporting them.

As for why Microsoft, Oracle, IBM, Google, Apple, and Cisco are at the top of the vendors’ list, this is simple to explain too. These are firms that maintain an extensive and complex ecosystem of products, employ teams of full-time security engineers who dig into the code on a daily basis, and run very attractive bug bounty programs that bring in a constant stream of bug reports.

