Posted by: David Harley | July 12, 2010

Apple: no worms, lots of bugs

John Leyden reports in the Register that “Apple ranks first in surging security bug count”.

He’s reporting on the Secunia Half Year Report 2010, which makes a number of interesting statistical points.

Secunia says that “A group of ten vendors, including Microsoft, Apple, Oracle, IBM, Adobe, and Cisco, account on average for 38 percent of all vulnerabilities disclosed per year,” and shows Apple ahead of Oracle and Microsoft in the top three rankings for the overall number of bugs reported across entire product ranges.

Don’t throw away all your iGadgets just yet, though. As I’ve pointed out many times before, though not necessarily here:

  • Bugs detected and patched in reasonable time are a positive, not a negative. What matters isn’t the number of bugs, but the timeliness of the patching, and that applies as much to Apple as to Microsoft or anyone else.
  • The number of bugs detected (irrespective of the time it takes to patch them) is not the same as the number of security breaches you “should” be panicking about.
    • Not all bugs are exploited or exploitable by malware, or carry the same intensity of risk.
    • Not all malware relies on exploits in the operating system, or associated utilities, or third-party programs. Actually, most of it relies on exploits in wetware (i.e. social engineering exploiting imperfect understanding in the human component controlling the keyboard/mouse/touchpad/keypad).

That doesn’t mean you should be complacent, either. Secunia’s figures suggest that the number of bugs for 2010 is set fair to exceed 2009’s by an impressive quantity. Third-party bugs and exploits are, as security vendors have been pointing out for a while, escalating.

If you’re interested in who those top ten vendors are, they are:

Apple
Oracle
Microsoft
HP
Adobe Systems
IBM
VMware
Cisco
Google
Mozilla Organization

But read the report: it’s only 19 pages, and well worth your time.

David Harley CITP FBCS CISSP
Mac Virus Administrator
Small Blue-Green World
AVIEN Chief Operations Officer

Also blogging at:
http://avien.net/blog/
http://smallbluegreenblog.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/
http://dharley.wordpress.com
http://chainmailcheck.wordpress.com
http://amtso.wordpress.com

http://wp.me/pL5CO-9O
