[LINK] Oracle and Apple top the list of security vulnerabilities

Scott Howard scott at doc.net.au
Sat Jul 17 17:49:30 AEST 2010

On Sat, Jul 17, 2010 at 12:30 AM, Jan Whitaker <jwhit at janwhitaker.com>wrote:

> This is an interesting report. Note Microsoft is number 3. Blame
> itunes and quicktime.
> >http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf

On page 6 they make the following statement :
"... it rather shows that vulnerabilities continue to be discovered in
significant numbers in products from even the largest and most popular
vendors including those who spend significant resources on improving the
security of their products."

But how do companies go about "improving the security of their products"?
They look for bugs, they find them, fix them, and then generally (where
relevant) they release a security advisory.

I've only had a very quick skim-read of the report, but I can't see any
distinction made between vulnerabilities discovered by the vendors
themselves and patched before they were made public, and those discovered
and released by others.  Based on that, there's no way to differentiate
between which of these companies are pro-active in discovering, fixing, and
communicating problems, versus those that silently fix security issues
without announcing them - something Apple is very well known for (and yet,
despite that they still got #1 - go figure!)


More information about the Link mailing list