2016 was a pretty hot year for security stories, and with the year finally at a close, Android claims the unfortunate crown of 2016’s most vulnerable product. Oracle follows with the glamorous title of vendor with the most security bugs. These statistics are based on the number of vulnerabilities reported by security researchers in the past year that received a CVE identifier.
According to CVE Details, a site that aggregates data on all CVE-identified bugs, security researchers discovered and reported 523 security bugs in Google’s Android OS over the course of the year. That is considerably more than Debian Linux, which sits in second place with 319 vulnerabilities. Third place went to Ubuntu Linux with 278 CVEs.
The rest of the top 10 is made up of Adobe Flash Player (266 bugs), openSUSE Leap (259 bugs), openSUSE (228 bugs), Adobe Acrobat DC (227 bugs), Adobe Acrobat Reader DC (227 bugs), Adobe Acrobat (224 bugs), and the Linux Kernel (216 bugs).
Mac OS X was last year’s ‘winner’ with 444 bugs, but this year saw Apple’s computer operating system (now dubbed macOS) drop to 11th with only 215 reported bugs.
When it comes to software vendors, Oracle sits atop the pack with 793 CVEs, just shy of 100 ahead of Google, which is second with 698. Most of Oracle’s bugs were found in products such as MySQL, Solaris, and its custom Linux OS version. Most of Google’s reported bugs were found in products such as Android and Chrome.
Adobe was third with 548 bugs, the vast majority of them reported in Flash Player and the different Reader/Acrobat variants.
The rest of the top 10 is made up of Microsoft (492 bugs), Novell (394 bugs), IBM (382 bugs), Cisco (353 bugs), Apple (324 bugs), Debian Project (320 bugs), and Canonical (280 bugs).