2016 was not a good year for Google and Linux software in terms of security vulnerabilities. Here's the list of the top 20 software with the most security flaws in 2016.
Security firm CVE Details has released its list of the top 50 software with the most number of distinct vulnerabilities in 2016. Security flaws range from denial of service (DoS) to code execution and privilege escalation.
While Mac OSX topped the list in 2015, Android took first place in 2016 with a whopping 523 vulnerabilities. The Debian distribution of Linux saw a steep jump in security flaws and shot up the list to take the second spot. This was followed by Ubuntu Linux, which saw a modest increase in vulnerabilities.
Here's a breakdown of the top 20 list:
|Rank||Destination||# of vulnerabilities||Rank||Destination||# of vulnerabilities|
|1||Android (Google)||523||11||Mac OSX (Apple)||215|
|2||Debian Linux (Debian)||319||12||Reader (Adobe)||204|
|3||Ubuntu Linux (Ubuntu)||278||13||Chrome (Google)||149|
|4||Flash Player (Adobe)||266||14||Windows 10 (Microsoft)||172|
|5||Leap (Novell)||259||15||iPhone OS (Apple)||161|
|6||OpenSUSE (Novell)||228||16||Windows Server 2012 (Microsoft)||156|
|7||Acrobat Reader Dc (Adobe)||227||17||Windows 8.1 (Microsoft)||154|
|8||Adobe DC (Adobe)||227||18||Windows RT 8.1 (Microsoft)||139|
|9||Acrobat (Adobe)||224||19||Edge (Microsoft)||135|
|10||Linux Kernel (Linux)||217||20||Windows 7 (Microsoft)||134|
You can compare the results with the 2015 list here.
It's worth noting the CVE Details list itself doesn't breakdown the severity of the vulnerabilities, it simply aggregates them. The list also doesn't differentiate between different versions of some of the software; for example, vulnerabilities for various versions of Mac OSX are lumped together. The same thing goes for Android.
You'll also notice that different versions of Windows OS are listed out separately. We can only assume that's because Microsoft, up until Windows 10, released standalone Windows OS.
Look, no vulnerabilities list is perfect but they do provide some insights into security trends that IT professionals need to be aware of.
Given the large marketshare Android has in the mobile OS market, it's no surprise that there has been a sharp rise in vulnerabilities for the operating system.
What is interesting to highlight is the high number of vulnerabilities found on Linux operating systems. Debian, Ubuntu, OpenSUSE (including Leap) and the Linux kernel itself all made the list. While there may still be some lingering impression that Linux-based operating systems are extremely secure, that's obviously not the case.
Sure, there may not be as many people running Linux on their desktops compared to Windows and Mac OS, but the operating system is extremely popular in the server space. Let's not forget that Android itself is also Linux-based. Having said that, it's still easier to secure Linux operating systems compared to, say, Windows; it's just important to remember that Linux isn't infallible when it comes to security. The most notable vulnerability for Linux in 2016 was Dirty Cow.
As a bonus, CVE Details has also created a graph that consolidated the 2016 results by vendor:
You can head over to CVE Details for a detailed breakdown of the different types of vulnerabilities that were reported for each software in 2016.