Surprise! Flash Is Not 2015's Most Vulnerable Software

Discussion in 'other security issues & news' started by Minimalist, Jan 3, 2016.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,078
    http://news.softpedia.com/news/surprise-flash-is-not-the-most-insecure-software-of-2015-498334.shtml
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    It's still the top scorer as far as Win software goes followed by the top three browsers.
     
  3. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    Flash may not be the most vulnerable, but it is certainly the most exploited.
     
  4. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    726
    As already discussed in other threads, this kind of counting is utter nonsense. First of all, it doesn't take into account how many of those vulnerabilities were really exploited, how much at risk the users were from those vulnerabilities and how fast they were fixed. Moreover, the counting is completely inconsistent: The bugs for Windows 7, 8, 8.1 and 10 are separately listed while the bugs for the various Mac OS X versions are condensed in one entry. And what about Internet Explorer? No distinction between the various versions and no pointer that IE is tightly integrated in Windows by default. So the IE bugs should perhaps rather be counted as Windows bugs?

    These examples show again how worthless this kind of bug counting really is.
     
  5. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    Okay, but in the case of Flash, does exploit count matter? It was the most exploited software this past year. It seems to be the most perpetually bug-filled software on the planet; they fix 30 exploitable bugs and immediately another 30 or so are discovered. Some exaggeration here, probably, but I think not too far from fact.
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    Yes correct. And "Code Execution" bugs are the most serious ones, the statistics prove that Flash is ridiculously insecure. Chrome did only slightly better compared to Firefox, but the Chrome bugs were probably harder to exploit and were perhaps also fixed faster. And a lot of bugs in Win 8.1 are perhaps also not that easy to exploit, so all of this should be taken into consideration.

    http://www.cvedetails.com/product/3264/Mozilla-Firefox.html?vendor_id=452
    http://www.cvedetails.com/product/15031/Google-Chrome.html?vendor_id=1224
    http://www.cvedetails.com/product/6761/Adobe-Flash-Player.html?vendor_id=53
    http://www.cvedetails.com/product/26434/Microsoft-Windows-8.1.html?vendor_id=26
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    I need to correct myself, I didn't read it correctly. Chrome was a lot safer than Firefox, it had only 8 code execution bugs in 2015, compared to 83 bugs in FF.
     
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,078
  9. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
  10. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,990
    Location:
    Brasil
    So these guys still believe the security of an OS is completely determined by how many vulnerabilities they have? They don't even consider how bad the vulns are or if the reports even account for something that affects every user.

    What a joke.
     
Loading...