Apple and Oracle his top of the list for most vulnerabilities

Danish security firm Secunia recently reported that Apple surpassed Oracle this year as the software developer with the most vulnerabilities.

Apple and Oracle were followed by Microsoft, who has held the number 3 spot in Secunia's list since 2006. Others in the top ten list of software vendors with most vulnerabilities were HP, Adobe Systems, IBM, VMware, Cisco, Google and the Mozilla foundation.

Renowned Apple hacker Charlie Miller said Apple's security problems have grown along with the brand's popularity, but the company has done fairly okay in patching the holes in its products.

"Ironically, even though Apple has many more vulnerabilities than other vendors, you still don't see many actual attacks in the wild," Miller said. "This is a function of their relatively low market share compared to, say, computers running Microsoft Windows. At this point, it makes more economic sense for attackers to focus on the 90% of computers their encounter, namely, those running Windows."

Secunia, which has looked at 29,000 software products from 4,000 software vendors since 2005, also found that despite software developers' hefty investments to improve the security of their products, vulnerabilities are still as abundant as they were five years ago.

You can read the report at http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf