I've just seen a chart of the top 10 vulnerable vendors for the first half of 2007. Guess who's number one! Yep, it's good old Microsoft, but I guess that is no surprise to you, is it? And ranking last in the top 10 was the Linux kernel. In this chart, it's a good thing to rank as number 10, since this means that you are the least vulnerable one. This ranking was compiled by IBM and is part of their latest reports; that being said, it is clear that Linux owns Microsoft when talking about security.
But let me give you more details on this. There are many vendors out there, and a lot of them sell vulnerable software, but not all have program flaws publicly disclosed. Out of the ones that do, the first 5 accounted for close to 13% of all disclosed vulnerabilities. As seen in the report, this means an actual number of 411 out of 3,273. Microsoft accounts for 4.2% of all the flaws that can be exploited. The Linux kernel, which ranked 10th, accounted for only 0.9%, so you could say that Microsoft products are about 4 times more vulnerable than whatever is based on the Linux kernel.
Apple ranked second with 3% and Oracle was third with 2%, but here is the full chart of vulnerability percentages for the first half of 2007, so that you can get a better idea of how things are:
Microsoft 4.2%
Apple 3.0%
Oracle 2.0%
Cisco 1.9%
Sun 1.5%
IBM 1.3%
Mozilla 1.3%
XOOPS 1.2%
BEA 1.1%
Linux kernel 0.9%
To be honest, I don't care who gets what rank. I just hope that fewer vulnerabilities will be disclosed, and by that I don't mean that researchers should be sloppy, but that vendors should be more careful with the software they release.