Top Unpatched Vulnerabilities by Company
So I was watching the HNN show for this week and near the end they showed a list of companies and the counts for unpatched, yet known, vulnerabilities in their software. Below is the list. Not surprising to me, but Adobe is at the top … again.
Company | Count |
---|---|
Adobe | 25 |
HP | 18 |
Apple | 15 |
Oracle | 14 |
Novell | 12 |
Mozilla | 8 |
Microsoft | 7 |
Sybase | 6 |
Symantec | 4 |
RealNetworks | 4 |
What does this information tell me?
- Stop using Adobe software. I think Adobe needs 3+ more years to create software that includes security-by-design aspects. Patching their old codebase, which is what they’ve been doing, doesn’t help. The design flaws from a security perspective are too large.
- I’m pretty impressed that Microsoft is so low with their huge number of software products.
- Oracle has never been very good at pushing patches for their products, IME. Their tools tended to be used on internal networks, not on the internet, so being lax wasn’t as big a deal. With the purchase of Sun, Oracle really needs to step up their patch fixes.
- I don’t use any Apple software … but they are involved with CUPS (UNIX printing) in some way.
- The HP issues seem to be mostly connected to backup software that I doubt most people have or use.