Whilst high profile vulnerabilities in popular products tend to make the headlines, they’re often not the ones that most of us face on a regular basis.
IT security specialist Secunia has released a new quarterly Vulnerability Update revealing the day-to-day threat landscape. It lists the number of vulnerabilities disclosed for software products over a three month period.
Secunia looked at 50,000 products and ranked the top 20 with the most disclosed vulnerabilities for each month. Google Chrome topped the tree in August with 64 vulnerabilities and in October with 162, however, Apple OS X took over the top slot in September with 59.
Other interesting entries include Oracle Solaris, taking the number two slot in August with 58 vulnerabilities, and Apple iOS which took the eighth slot in September with 20. Several IBM products make the top 20 list for each month, this is largely due to the fact that IBM likes to bundle products with third-party software, often things like Java and OpenSSL.
That these programs are bundled within the individual IBM product means that every time a vulnerability is discovered and a patch released the corresponding IBM products need patching too.
Also interesting is that August saw nine OpenSSL vulnerabilities. Not terribly exciting you might think, but what Secunia calls 'OpenSSL Take 3' shows that in the wake of earlier OpenSSL vulnerabilities like Heartbleed and Shellshock if a problem doesn't have a catchy name and a dose of publicity it’s less likely to be disclosed and patched.
More information on Secunia's vulnerability reviews is available on the company's website.
Photo Credit: Sergey Nivens/Shutterstock