Which Company Is Linked to the Highest Number of Vulnerabilities?

  • A vulnerability database covering the past two decades gives an idea of how software development and maintenance work.
  • Linux and open-source products record the most vulnerabilities, while big tech firms top the list of vendors.

Researchers at Comparitech have dug into the “CVE Details” database, analyzing data from 1999 to 2019. The dataset contains over 64,000 logged flaws across the top 50 vendors and 73,000 across the top 50 products. So, which vendor and which product top the lists, and what does this mean for their security?

Counting from 1999 to 2019, Microsoft sits at the top with 6,700 vulnerabilities, Oracle is second with 5,500, and IBM is third with 4,600. Google, Apple, and Cisco follow closely behind, while the rest of the list mostly concerns Linux and open-source projects in general.

Source: Comparitech blog

Debian had a spike in vulnerability reports in 2018, logging roughly 1,200 in a single year. 2018 also happens to be the record-breaking year overall, with total reported vulnerabilities up 19.3% compared to 2017.

As for the products with the most distinct vulnerabilities, Debian Linux comes first, Android second, and the Linux kernel third. Windows 7, Windows 10, Windows Server 2008, Firefox, Mac OS X, Ubuntu, Chrome, and iOS follow right after.

Source: Comparitech blog

So, does this mean that Debian Linux is extremely insecure and open to exploitation on a wide scale? The answer is "not necessarily." Finding and reporting bugs is a key step in securing a product, as you can’t fix what remains undiscovered. Note also how these counts are built: a CVE is counted once under every product it is listed against, so a distribution that packages thousands of upstream projects inherits a count from each of them.
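To make concrete how per-product and per-vendor counts like these come about, here is an added example. It is not code from the Comparitech analysis or from CVE Details; the records, vendor names and CVE identifiers below are constructed for illustration, and the "affects" list stands in for the product mapping a CVE feed would carry. It shows three things the numbers alone do not: a single CVE lands in every affected product's tally, a vendor's distinct count is lower than the sum of its products' counts, and a distribution's count is largely inherited from the upstream projects it ships.

```python
"""Added example: how vulnerability counts per product, per vendor and per
year are derived from CVE records. Records are constructed; IDs are fake."""
from collections import Counter, defaultdict

# Constructed sample records (not real CVEs). Each entry lists the
# (vendor, product) pairs the CVE is recorded against, as a CVE feed would.
SAMPLE_CVES = [
    {"id": "CVE-2018-0001", "year": 2018,  # kernel bug shipped by two distros
     "affects": [("linux", "linux_kernel"), ("debian", "debian_linux"),
                 ("canonical", "ubuntu_linux")]},
    {"id": "CVE-2018-0002", "year": 2018,  # library bug shipped by two distros
     "affects": [("openssl", "openssl"), ("debian", "debian_linux"),
                 ("canonical", "ubuntu_linux")]},
    {"id": "CVE-2018-0003", "year": 2018,  # one bug in two Microsoft products
     "affects": [("microsoft", "windows_10"), ("microsoft", "windows_server_2008")]},
    {"id": "CVE-2018-0004", "year": 2018,  # bug in Debian's own packaging
     "affects": [("debian", "debian_linux")]},
    {"id": "CVE-2018-0005", "year": 2018,
     "affects": [("google", "chrome")]},
    {"id": "CVE-2017-0001", "year": 2017,
     "affects": [("linux", "linux_kernel"), ("debian", "debian_linux")]},
    {"id": "CVE-2017-0002", "year": 2017,
     "affects": [("microsoft", "windows_7")]},
    {"id": "CVE-2017-0003", "year": 2017,  # kernel bug surfacing via Android
     "affects": [("google", "android"), ("linux", "linux_kernel")]},
]


def count_by_product(records):
    """Count each CVE once under every (vendor, product) it is listed against.
    This is how a per-product ranking is built, and why one CVE can raise
    several products' totals at the same time."""
    counts = Counter()
    for rec in records:
        for pair in set(rec["affects"]):
            counts[pair] += 1
    return counts


def count_by_vendor(records):
    """Count distinct CVE IDs per vendor. A CVE hitting two products of the
    same vendor is counted once here, but twice in count_by_product."""
    ids = defaultdict(set)
    for rec in records:
        for vendor, _ in rec["affects"]:
            ids[vendor].add(rec["id"])
    return {vendor: len(s) for vendor, s in ids.items()}


def count_by_year(records):
    """Distinct CVE IDs published per year."""
    ids = defaultdict(set)
    for rec in records:
        ids[rec["year"]].add(rec["id"])
    return {year: len(s) for year, s in ids.items()}


def yoy_change_pct(by_year, year):
    """Percentage change in the yearly count versus the previous year,
    the same arithmetic behind a figure like '+19.3% over 2017'."""
    prev = by_year[year - 1]
    return round(100.0 * (by_year[year] - prev) / prev, 1)


def inherited_share(records, vendor, product):
    """Fraction of a product's CVEs that are also listed against a product
    of a different vendor, i.e. flaws the product inherits from upstream
    code it ships rather than code it wrote itself."""
    own = [r for r in records if (vendor, product) in r["affects"]]
    inherited = [r for r in own if any(v != vendor for v, _ in r["affects"])]
    return len(inherited) / len(own) if own else 0.0


if __name__ == "__main__":
    by_product = count_by_product(SAMPLE_CVES)
    for (vendor, product), n in by_product.most_common():
        print(f"{vendor}/{product}: {n}")
    print("per vendor (distinct):", count_by_vendor(SAMPLE_CVES))
    years = count_by_year(SAMPLE_CVES)
    print("per year:", years, "2018 vs 2017: %+.1f%%" % yoy_change_pct(years, 2018))
    print("debian_linux inherited share:",
          inherited_share(SAMPLE_CVES, "debian", "debian_linux"))
```

In this constructed set Debian Linux tops the product table with four entries, yet three of them are kernel or OpenSSL bugs it merely shipped, and Microsoft's two products sum to three product-level entries that correspond to only two distinct CVEs. Reading a ranking like the one above without these distinctions overstates how much of the code in question each vendor actually wrote.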

A large number of flaws in a codebase can indicate that its developers were not careful enough about security when writing it, but that cannot be determined from these counts alone.

In Linux and open-source software, bugs are often introduced through code and commits from a large number of contributors, and it is hard to scrutinize all of them properly. Many of those reviewing contributions are volunteers, so a lot can slip through.

On the other hand, open-source projects get substantial help from user reports, and their users are generally more tech-savvy. The "free software" userbase is more inclined to fiddle with things, more capable of discovering flaws, and fully aware of the importance of reporting them.

As for why Microsoft, Oracle, IBM, Google, Apple, and Cisco are at the top of the vendors' list, this is simple to explain too. These firms maintain extensive and complex product ecosystems, employ teams of full-time security engineers who dig into the code daily, and run well-funded bug bounty programs that bring in a steady stream of reports.
