Posted by: David Harley | July 12, 2010

Apple: no worms, lots of bugs

John Leyden reports in the Register that “Apple ranks first in surging security bug count“.

He’s reporting on the Secunia Half Year Report 2010, which makes a number of interesting statistical points.

Secunia says that “A group of ten vendors, including Microsoft, Apple, Oracle, IBM, Adobe, and Cisco, account on average for 38 percent of all vulnerabilities disclosed per year,” and shows Apple ahead of Oracle and Microsoft in the top three rankings for the overall number of bugs reported across entire product ranges.

Don’t throw away all your iGadgets just yet, though. As I’ve pointed out many times before, though not necessarily here:

  • Bugs detected and patched in reasonable time are a positive, not a negative. What matters isn’t the number of bugs, but the timeliness of the patching, and that applies as much to Apple as to Microsoft or anyone else.
  • Bugs detected (irrespective of the time it takes to patch them) is not the same as the number of security breaches you “should” be panicking about.
    • Not all bugs are exploited or exploitable by malware, or carry the same intensity of risk
    • Not all malware relies on exploits in the operating system, or associated utilities, or third-party programs. Actually, most of it relies on exploits in wetware (i.e. social engineering exploiting imperfect understanding in the human component controlling the keyboard/mouse/touchpad/keypad.

That doesn’t mean you should be complacent, either. Secunia’s figures suggest that the number of bugs for 2010 is set fair to exceed 2009’s by an impressive quantity. Third-party bugs and exploits are, as security vendors have been pointing out for a while, escalating.

If you’re interested in who those top ten vendors are, they are:

Adobe Systems
Mozilla Organization

But read the report: it’s only 19 pages, and well worth your time.

Mac Virus Administrator
Small Blue-Green World
AVIEN Chief Operations Officer

Also blogging at:

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.


%d bloggers like this: