An analysis of theNational Vulnerability Database of the National Institute of Standards and Technology has shown that, whether the number of vulnerabilities is an indication of exploitability, Windows 10 seems to be much more secure than Android, Mac OS or Linux.
Although lately we have had a lot of news about problems in Windows updates, mainly in Windows 7 These flaws mainly affect the use and performance of the operating system, but they are not vulnerabilities that can be exploited.
During the last decade, Debian Linux had 3067 technical vulnerabilities, that they defined as ” a feature or setting that can be exploited by an attacker to gain unauthorized access or misuse of a network and its resources”. The next was Android with 2563, the linux kernel with 2357 and Mac OSX with 2212.
Windows 10 just registered 1111 technical vulnerabilities, and even if we add Windows 10 (launched in 2015) a Windows 7 (launched in 2009), the total is still much less than Android and Debian Linux.
Of course, Microsoft has many more products than Windows, And this means that the software giant also has a much higher burden of vulnerabilities.
The sum of all the vulnerabilities of each of its products is taken at the end as a single.
Microsoft tops the list with 6814 reported vulnerabilities collected during the decade, but it only has 12.9 vulnerabilities by product, versus 54.4 for Google and 37.9 para Apple.
Of course, raw numbers don't tell the whole story, as some vulnerabilities are more serious than others.
That showed that, as expected, Adobe Acrobat and Flashplayer was the most dangerous software to have on your PC, even so Microsoft Office and Internet Explorer were not far from the top positions. The absence of newer platforms like Chrome or Windows 10 shows that companies have improved vulnerability mitigation and developed better defense in depth.
The report also notes that while thousands of technical vulnerabilities can be alarming, vulnerabilities are detected, on average, within 197 days and are in 69.
The main conclusion of the analysis seems to remain in the latest version of the platform offered by its provider and, of course, stay patched.
The full report, in much more detail, can be read here.