Apple has displaced Oracle as the company with the most security vulnerabilities in its software, according to security company Secunia. Over the first half of 2010, Apple had more reported flaws than any other vendor. Microsoft retains its third-place spot. Secunia has tracked security vulnerabilities and issues advisories since 2002, producing periodic reports on the state of software. Together, the top ten vendors account for some 38% of all flaws reported.

Though this does not necessarily mean that Apple's software is the most insecure in practice—the report takes no consideration of the severity of the flaws—it points at a growing trend in the world of security flaws: the role of third-party software. Many of Apple's flaws are not in its operating system, Mac OS X, but rather in software like Safari, QuickTime, and iTunes. Vendors like Adobe (with Flash and Adobe Reader) and Oracle (with Java) are similarly responsible for many of the flaws being reported.

View the full article

A large company with many products will have more flaws reported than smaller companies with fewer products.

Uhhh...

Yet another journalist's misleading headline from the Secunia half-year report. To be fair to ArsTechnica, however, the body of their article actually does bear some reasonable resemblance to what Secunia actually say in their report.

That's more than can be said for the CRN/ChannelWeb article on the same Secunia report currently circulating in one of the security mailing lists I subscribe to.

The CRN report deserves some form of wooden spoon award for the most inaccurate, most misleading, software security article of the year.

It makes the equation (and bases the article on) the premise that:

most patched = most insecure project

which is absolute rubbish, because it should be

most UN-patched = most insecure product

My recommendation: read the actual Secunia report itself (PDF file, 889 kB). Page 14 is the page that journalists seem to be unable to understand.

.