[LINK] Oracle and Apple top the list of security vulnerabilities
Kim Holburn
kim at holburn.net
Sat Jul 17 21:26:16 AEST 2010
On 2010/Jul/17, at 5:49 PM, Scott Howard wrote:
> On Sat, Jul 17, 2010 at 12:30 AM, Jan Whitaker
> <jwhit at janwhitaker.com> wrote:
>
>> This is an interesting report. Note Microsoft is number 3. Blame
>> iTunes and QuickTime.
>>
>>> http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf
>>
>
> On page 6 they make the following statement:
> "... it rather shows that vulnerabilities continue to be discovered in
> significant numbers in products from even the largest and most popular
> vendors including those who spend significant resources on improving the
> security of their products."
>
> But how do companies go about "improving the security of their products"?
> They look for bugs, they find them, fix them, and then generally (where
> relevant) they release a security advisory.
>
> I've only had a very quick skim-read of the report, but I can't see any
> distinction made between vulnerabilities discovered by the vendors
> themselves and patched before they were made public, and those discovered
> and released by others. Based on that, there's no way to differentiate
> between which of these companies are pro-active in discovering, fixing, and
> communicating problems, versus those that silently fix security issues
> without announcing them - something Apple is very well known for (and yet,
> despite that they still got #1 - go figure!)

Actually I have a very different take on this. Much of the software
on Macs is open source and bugs in this software are often found and
fixed in public. In Apple's closed source programs and all of
Microsoft's offerings, bugs can be found and fixed only in private and
patched without publicity. Microsoft is just as or more likely to do
this than Apple.

And finally the biggy. Number of vulnerabilities is not the same as
number of *actual successful attacks*. In terms of numbers of actual
successful attacks one OS reigns supreme however much they like to
spin it.
--
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408 M: +61 404072753
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request