Most of the vendors had a fix ready on disclosure day

Mar 25, 2015 10:01 GMT

In a list of vulnerabilities recorded for the top 20 core products in 2014, Google Chrome came out on top, with 504 security flaws reported; the next web browser follows three positions behind, with fewer than 300.

The information comes from a report created by information security company Secunia, which gathers data from systems equipped with its Personal Software Inspector (PSI), a tool that keeps track of software vulnerabilities plaguing programs on the PC.

Highly critical flaws decreased in 2014

The company reports that the total number of vulnerabilities detected through 2014 amounted to 15,435, affecting 3,870 products from 500 vendors.

A smaller number of security weaknesses had been recorded the year before, leaving an 18% gap between the two periods.

According to statistics from the company, 11% of the total number of flaws identified in 2014 were labeled as “highly critical” and 0.3% of them received the “extremely critical” severity rating (such as Heartbleed and Shellshock).

It is worth noting that Secunia recorded a decrease in “highly critical” glitches in 2014, down from 16.2%.

In a larger list comprising 50 software products, glitches belonging to these two severity categories were predominant, accounting for 74.6% of the total.

Top 20 core products recorded more than 4,000 security flaws

Secunia’s set of top 20 core products comprises web browsers, client managers, open source libraries and operating systems.

Close behind Google Chrome is Oracle Solaris, with 483 vulnerabilities, followed in third place by Gentoo Linux, for which the company reported 350 flaws.

As per the report from the company, Microsoft’s Internet Explorer had 289 issues in 2014, while Avant browser ranked fifth with 259. Mozilla Firefox is also present, in the middle of the list (#11), with 171 glitches.

Other important products for consumers present in this ranking include Apple’s OS X (#13 - 147 problems), Java (#17 - 119 issues) and Microsoft Windows 8, which closes the list with 105 weaknesses reported.

Most of the patches were available on disclosure day

It is important to stress that the vulnerabilities presented by Secunia do not necessarily reflect a product’s level of insecurity and that patches have been delivered.

The report states that 83.1% of the problems had a patch ready on the day of the disclosure, which is more than in the previous year. In the rest of the cases, a solution for the issue was delivered more than a day after disclosure.

Also, Google makes an effort to find new bugs in its products and services so that they can be patched as soon as possible, giving anyone the possibility to earn financial rewards for disclosing security issues in a responsible manner.

This approach contributes significantly to the total number of vulnerabilities reported for its programs. It is very likely that without Google's vulnerability reward program Chrome would not be at the head of such lists.

Secunia vulnerability report images:

2014 saw 18% more vulnerabilities than reported in 2013
20 core products with most vulnerabilities in 2014
Vulnerabilities in the most popular 5 web browsers (Chrome, IE, Firefox, Safari and Opera)