TheBestVPN portal experts published an analysis of operating system vulnerabilities based on the database of the National Institute of Standards and Technology. According to the portal, over the past 20 years, the most vulnerabilities have been found in the Debian GNU / Linux OS.
From 1999 to 2019, researchers discovered a total of 3,067 vulnerabilities in Debian. The second place in terms of the number of detected security errors is Android (2563 errors), the third is Linux Kernel (2357 errors). On the fourth and fifth lines of the ranking are macOS with 2212 and Ubuntu with 2007 vulnerabilities, respectively.
“Over the past 20 years, 3067 technical vulnerabilities have been registered in the free Debian Linux OS, which makes it the most vulnerable product. The product is not defenseless, but the community using Debian Linux is very responsive, and vulnerabilities are usually fixed within a few days, ”TheBestVPN experts point out.
Also, experts made a list of the most vulnerable systems over the past year. In the first place in the rating-2019 was Android with 414 security error messages, in second and third places were Debian Linux and Windows Server 2016.
“Although our analysis shows that Debian Linux can be considered the most problematic operating system in 20 years, in 2019 Android had 54 more vulnerabilities than Debian. This may be due to the fact that Android phones come with preinstalled third-party applications, which ultimately causes errors, ”the report says.
At the same time, as the researchers indicate, the number of detected errors in Android every year is becoming less. For the entire existence of Android, 2563 vulnerabilities were found in it.
One of the most popular OS, Windows 7, was on the tenth line of the overall rating with 1283 errors. In the ranking for 2019, Windows products took 4, 5 and 6 places. These turned out to be Windows Server 2016, Windows 10, and Windows Server 2019 with 360, 357, and 357 vulnerabilities, respectively. Most errors in 20 years among Windows were found in Windows Server 2008 (1421 security error).
“Microsoft is one of the most successful technology companies in the world, but its products are still vulnerable to attacks; In 2019, 668 vulnerabilities were registered in all Windows products. Since 2009, 6814 vulnerabilities have been found in Microsoft, making the company the most vulnerable software provider in these 20 years. “Oracle (6115 errors), IBM (4679 errors), Google (4572 errors) and Apple (4512 errors) are among the top five,” the report said.
Regarding the severity of errors, using a common vulnerability assessment system (CVSS), which varies from 0 to 10, experts identified products with the most dangerous vulnerabilities from 1999 to 2019. It turned out that the highest indicator on this scale was Adobe Flash Player (9.4).
“This means that errors detected in the application are more likely to lead to a breach of confidentiality,” TheBestVPN explains.
Adobe Flash Player is followed by Adobe Acrobat and Microsoft Office in the severity rating.
The total number of detected errors in operating systems is growing over the years, follows from the report. If in 1999 894 security errors were recorded, then 20 years later this figure increased almost 14 times – up to 12 174. The largest number of vulnerabilities were discovered in 2008 – more than 16 thousand. 1197 of them came from Debian GNU / Linux. In 2019, a total of 12,174 vulnerabilities were found in the software. More than a quarter of them – 25.3% – allowed attackers to execute arbitrary code on devices, 17.7% related to cross-site script execution, and 13.9% related to buffer overflows.