Apple The New Leader In Software Insecurity: REPORT

07/22/2010 11:53 am ET | Updated May 25, 2011
Bianca Bosker, Huffington Post

Apple may have dethroned Microsoft as the world's biggest tech company, but it has also taken the top spot as the company with the most software security vulnerabilities, according to Secunia, a security company.

Based on Secunia's data, Oracle, which had been the leader, is now in second place, followed by Microsoft.

As CNET notes, Secunia's ranking takes into account only the number of vulnerabilities, but "not to how risky they are or how fast they get patched." Apple Insider offers an additional perspective on the data, arguing that the Secunia data should be taken with a grain of salt. Apple Insider points out that Secunia itself issues the caveat that the "statistics provided should NOT be used to compare the overall security of products against one another."

Ars Technica offers some perspective on the list:

Though this does not necessarily mean that Apple's software is the most insecure in practice--the report takes no consideration of the severity of the flaws--it points at a growing trend in the world of security flaws: the role of third-party software. Many of Apple's flaws are not in its operating system, Mac OS X, but rather in software like Safari, QuickTime, and iTunes. Vendors like Adobe (with Flash and Adobe Reader) and Oracle (with Java) are similarly responsible for many of the flaws being reported.

Some additional highlights from the report:

  • During the first 6 months of 2010 we already reached 380 vulnerabilities or 89% of the figures for the entire 2009.
  • On average, 10 vendors are responsible for 38% of the vulnerabilities per year.

See Secunia's chart below to compare how the top ten vendors performed, and how their vulnerabilities have changed since 2005.