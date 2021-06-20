



According to a Beyond Trust study, the total number of vulnerabilities associated with Microsoft products increased by 48% compared to 2019. To classify the numbers, I searched for StackWatch, which is a vulnerable statistic.

This is interesting for Microsoft watchers. The company is at the top of the list by vendor, revealing 1,188 security vulnerabilities in 2020. Google was second in 950. Apple ranked 8th in the record. 381 vulnerabilities.

At the time of writing, the 2021 statistics are similar in terms of positioning. Microsoft is number one with 510 vulnerabilities, Google is slightly behind with 507, and Apple is number nine with 147.

How does Windows 10 compare to Android and iOS in terms of security vulnerabilities?

What if you look at the product rather than the vendor? Will Microsoft Work More? Well, the answer is no.

In 2020, Microsoft products ranked 7th out of the top 10 for product vulnerabilities. Windows 10 was at the top of the tree with 802 vulnerabilities, followed by 790 Windows Server 2016 and 743 Windows Server 2019.

The remaining Microsoft Top 10 products were Windows Server 2012 with 6, Windows 8.1 with 7, Windows RT 8.1 with 8, and Windows 7 with 10.

Meanwhile, Google ranked fourth, thanks to 696 Android vulnerabilities. However, Apple didn’t make it to the 14th place with 233 iOS vulnerabilities.

So far, the security vulnerability table published in 2021 looks better for Microsoft, with Windows 10 falling third at 256 after Fedora and Debian Linux.

However, Microsoft is still in 6th place out of the top 10. Google also fell to 6th place with 219 Android vulnerabilities, but Chrome was renewed with 7 of 172. How has Apple been doing so far this year? iOS has fallen to 15 with 111 vulnerabilities, while macOS has 112 to 14.

The good news for Microsoft is that Windows 10 appears to be moving towards fewer publicly available security vulnerabilities than last year. The bad news is that the 2021 Common Vulnerabilities and Exposures (CVE) average importance rating is above 2020, 7.54 compared to 7.42. Both fall into the higher severity categories.

For comparison, Android vulnerabilities averaged 6.99 last year, which is 6.84, and falls into the medium severity category. As for Apple iOS, it’s below Windows 10 in 2020 and 7.30 in 2021, but it’s firmly in the top-rated category in both years.

Are the published vulnerabilities a good indicator of Windows 10 security?

So is this all bad news for Windows 10 users? The answer is both “yes” and “no”.

In my never humble opinion, Windows 10 has so many security issues that it’s not very well reflected in Microsoft. Still, it also shows that the vulnerability discovery platform (bounty hunter hacker) and reporting process are working well.

I’m told that Windows 10, the size of the codebase, has about 50 million lines of code, but I asked Microsoft if it was a problem with the in-house devsec process not working properly, There was no reply before publication.

“There is a bittersweet level of vulnerabilities to report,” said Jake Moore, cybersecurity specialist at ESET. But that means that the vulnerability discovery platform and patching features are working well and working at full flow. “

Also, as HackerOne’s chief security architect Shlomie Liberow puts it another way, “Windows 10 is so widely used that researchers spend more time looking for vulnerabilities in Windows 10. I’m spending. “

“As the progress of security testing and remediation has improved, organizations are doing the right thing when it comes to strengthening security, which is great to see, especially as the effects of cyberattacks are becoming more common. That’s Liberow, adds.

The obvious truth of the problem is that all code almost inevitably contains bugs.

“The most important thing to note, whether they are evil or not, is how quickly they can be patched after they are discovered, before they are abused in the wild. . ”

And based on that, Microsoft is doing the right thing with its monthly patch Tuesday rollouts and occasional emergency updates, but the headline vulnerability numbers may seem shocking.

