Lunduke
News • Science & Tech
Which Operating System has the Most Vulnerabilities?
Windows? iOS? Ubuntu? Do you know... for sure?
April 02, 2024
post photo preview

The recent, high profile software vulnerabilities have raised a number of questions about the security of our software.

Three questions which have been on my mind:

  1. Is software less secure now... than it used to be?
  2. Which has more vulnerabilities... Open Source Software or Closed Source Software?
  3. Which Operating System has the most vulnerabilities... and which has the least?

These seem like fair questions to ask.  And, considering the massive amount of data available, we should be able to arrive at some definitive answers.  Yet, when we see discussions around exactly these topics, most of the statements seem to be based on feelings and preferences... rather than hard facts.

Let's fix that.

First we need to grab details on all publicly known CVEs (aka "Common Vulnerabilities and Exposures") -- the standard way of publishing details around exploits and vulnerabilities -- and drill down into that data.  Luckily CVEdetails.com makes obtaining this data incredibly simple (the data below is obtained from there).

Is software less secure now... than it used to be?

The easiest way to begin answering this question is to track the number of CVEs reported per year... and put that data into a pretty graph.

At the current rate, 2024 will have more CVEs than any previous year.

And the results are... not exactly difficult to read.  It goes up pretty much every year -- accelerating, significantly, over the last few years.

  • 2022: 25,083
  • 2023: 29,065

That's a roughly 16% increase in the total reported CVEs... in just one year.

And, at the current rate (January through March of this year), 2024 is on track to hit 35,484 by the end of the year.  Which would be a 22% increase, year on year.

There are two likely possibilities which could explain this:

  1. We are getting much better at finding the vulnerabilities in software.
  2. We are adding more vulnerabilities to software.

And, in fact, both could absolutely be true.

Considering the ever-increasing complexity of our software systems (both in terms of total Lines of Code and number of interdependent systems), it seems reasonable that at least some portion of this dramatic increase in CVEs is thanks to us simply having more vulnerabilities in software.

This is about as close to a definitive answer as we are going to get: Based on the available data, yes.  Software is less secure now than it used to be.

Which Operating System has the most vulnerabilities... and which has the least?

Now let's pull data on all known CVEs... and sort them by Operating System (again, using data gathered from CVEdetails.com).

Behold.

Hello, Debian!

Your eyes do not deceive you.  Debian Linux has had the highest number of reported vulnerabilities, clocking in at a whopping 8,751.

  • Android is in second place, with 7,008 CVEs.
  • And Ubuntu Linux was trailing in third place, with 4,058.

Windows, iOS, and macOS all had significantly lower total numbers of reported vulnerabilities.

Note: I left a variety of BSD and UNIX systems off this list as their number of total CVEs was lower than the lowest entry on the chart.  FreeBSD: 488, OpenBSD: 188, NetBSD: 167, Solaris: 532.

But... that chart above only provides part of the picture, as it includes all CVEs ever reported.

Therefore, while it is a fascinating glimpse into past (and overall) vulnerability, it does not give us a good indicator of the current security of each given OS.

To solve that, let's look at a singular recent major version of each OS.  While the versions below are not all of the same age, each was chosen as: 1) a recent release, 2) publicly available for enough time to be somewhat well tested, and 3) with sufficient data available to be worth evaluating.

Yikes, Android!

The results clearly show Android as the Operating System with the largest number of known vulnerabilities (currently).

  • iOS (for iPhone) has roughly 10% of the reported CVEs as Android.  Or, to put another way, "1,000% more secure".
  • Both Windows and macOS clock in as measurably more secure than Ubuntu (in terms of total number of vulnerabilities found).

The old narrative that "Linux is more secure" appears to be... mostly untrue.

That said, it's entirely possible that the Open Source nature of Linux (and the software ecosystem around it) has enabled a higher percentage of vulnerabilities to be found, compared to Closed Source systems.  But that is purely speculative, and we need to go on what data we have available.

No matter which way you slice it -- modern versions of major Linux Distributions have significantly more known vulnerabilities than modern versions of Windows or macOS.

The Findings

We can safely declare, based on available data, the following:

Q: Is software less secure now... than it used to be?

A: Yes.  Demonstrably so.  And it's getting worse, year on year.

Q: Which Operating System has the most vulnerabilities... and which has the least?

A: Linux based systems contain the most reported vulnerabilities, with Android (Linux-based) leading the pack by a large margin.  Windows, macOS, iOS (and most BSD / UNIX systems) all have significantly fewer known vulnerabilities.

Q: Which has more vulnerabilities... Open Source Software or Closed Source Software?

A: This is a mixed bag.  Open Source BSD systems have significantly less known vulnerabilities (both in total, and per version) than the Closed Source Microsoft Windows.  At the same time, Open Source Linux (and Android) led the pack in vulnerabilities.  One thing we can say for sure: The most vulnerable systems are Open Source (to one degree or another).

I don't like these numbers any more than you do.  Don't shoot the messenger.

community logo
Join the Lunduke Community
To read more articles like this, sign up and join my community today
33
What else you may like…
Videos
Podcasts
Posts
Articles
Texas Law Now Requires Age Verification for App Stores

In Unrelated News: Nearly 30 Million user accounts leaked in two massive data breaches.

00:29:08
50% Off The Lunduke Journal (including Lifetime Subs) through Saturday!

Save moolah. Support ad-free, Big-Tech-Free, Non-Woke, Indie Tech Journalism. Win-win.

Grab the 50% discount here:
https://lunduke.substack.com/p/50-off-the-lunduke-journal-including

00:13:00
One of the Last Linux Magazines Ends Print Publication

Linux Format Magazine ends publication after 25 years - joining Linux Journal, Ubuntu User, Maximum Linux and many other now-dead Linux publications.

00:12:27
November 22, 2023
The futility of Ad-Blockers

Ads are filling the entirety of the Web -- websites, podcasts, YouTube videos, etc. -- at an increasing rate. Prices for those ad placements are plummeting. Consumers are desperate to use ad-blockers to make the web palatable. Google (and others) are desperate to break and block ad-blockers. All of which results in... more ads and lower pay for creators.

It's a fascinatingly annoying cycle. And there's only one viable way out of it.

Looking for the Podcast RSS feed or other links? Check here:
https://lunduke.locals.com/post/4619051/lunduke-journal-link-central-tm

Give the gift of The Lunduke Journal:
https://lunduke.locals.com/post/4898317/give-the-gift-of-the-lunduke-journal

The futility of Ad-Blockers
November 21, 2023
openSUSE says "No Lunduke allowed!"

Those in power with openSUSE make it clear they will not allow me anywhere near anything related to the openSUSE project. Ever. For any reason.

Well, that settles that, then! Guess I won't be contributing to openSUSE! 🤣

Looking for the Podcast RSS feed or other links?
https://lunduke.locals.com/post/4619051/lunduke-journal-link-central-tm

Give the gift of The Lunduke Journal:
https://lunduke.locals.com/post/4898317/give-the-gift-of-the-lunduke-journal

openSUSE says "No Lunduke allowed!"
September 13, 2023
"Andreas Kling creator of Serenity OS & Ladybird Web Browser" - Lunduke’s Big Tech Show - September 13th, 2023 - Ep 044

This episode is free for all to enjoy and share.

Be sure to subscribe here at Lunduke.Locals.com to get all shows & articles (including interviews with other amazing nerds).

"Andreas Kling creator of Serenity OS & Ladybird Web Browser" - Lunduke’s Big Tech Show - September 13th, 2023 - Ep 044

How Does the US Military Promote "CyberSecurity"?
😲 Prepare to be amazed.... 👨‍🏫 reported from LinkedIn

Note: Nothing else of value found on LinkedIn over the past three days.

post photo preview

This is pretty cool. Looks like the guy took pictures at church with his Game Boy Camera.

https://www.reddit.com/r/Anglicanism/s/96PHWNDlW7

The Judge Was Ruthless, Now Gaming WILL Change

50% off The Lunduke Journal (including Lifetime Subscriptions) through Saturday!

About 3 weeks back we had a deal where every new subscription to The Lunduke Journal was 50% off. Monthly, Yearly, Lifetime… all of it.

And — holy cow! — was that a success. Broke the record for most new subscribers to The Lunduke Journal in a single day. By a mile. Two days in a row.

Never seen anything like it. The amount of support all of you showed for truly independent Tech Journalism was off the charts.

You know what? Let’s try that again. Now through the end of May (which is Saturday, May 31st — the day after tomorrow):

  • 50% off Monthly — Now $3 / Month (was $6 / Month)

  • 50% off Yearly — Now $27 / Year (was $54 / Year)

  • 50% off Yearly MP4 Downloads — Now $27 / Year (was $54 / Year)

  • 50% off Lifetime Subscriptions — Now $100 (was $200)

Choose whichever option feels right for you. All the details and links are below.

Every one — big or small — directly funds the work of The Lunduke Journal (with zero overhead). Every option includes full access to the community Forum. And, of course, every type of subscription keeps The Lunduke Journal ad-free and Big Tech free.

Remember: 50% off is only through Saturday, May 31st. The next day (Sunday, June 1st) the prices all go back to normal.

50% Off Yearly or Monthly Subscription:

50% off a Yearly or Monthly subscription to The Lunduke Journal are available via both Locals and Substack. (This includes full access to the community Forum.)

That means $3 / Month. Or $27 / Year (which works out to $2.25 / Month).

Via Lunduke.Locals.com:

Via Lunduke.Substack.com:

The Famous Lifetime Subscription:

The "World Famous Lunduke Journal Lifetime Subscription" is exactly what it sounds like. Pay once and get full access to The Lunduke Journal. For life.

Now, through Saturday, May 31st… you can snag one at a crazy discount. Normally these are $200… but you can grab one for $100. (You can also pay more if you’d like to donate a little extra.)

The Lifetime Subscription can be obtained via Locals, Substack, or using Bitcoin. All three options work great and are super easy. Scroll down and choose your option.

How to get a Lifetime Subscription via Locals:

  1. Go to Lunduke.Locals.com/support.

  2. Select "Give Once".

  3. Enter "100" (or more) into the amount field.

  4. After checking out, Lunduke will toss you an email once your account is set to full lifetime status. (This usually happens within a few hours.)

How to get a Lifetime Subscription via Substack:

  1. Go to Lunduke.Substack.com/subscribe.

  2. Select the “Lifetime Subscription” option.

  3. After checking out, Lunduke will toss you an email once your account is set to full lifetime status. (This usually happens within a few hours.)

If you would also like full, Lifetime access to Lunduke.Locals.com (which is included):

  1. Make a free account on Lunduke.Locals.com.

  2. Email “bryan at lunduke.com” with the email address you use on both Substack and Locals (can be different email addresses).

  3. Lunduke will toss you an email once your account is set to full lifetime status on Locals.

How to get a Lifetime Subscription with Bitcoin:

You can also obtain a Lifetime Subscription via Bitcoin.

bc1qyjakve8fywm8pz2v99v57yhjj0vzr2vjze6fcq

  • Email "bryan at lunduke.com" with the following information: What time you made the transaction, how much was sent (in Bitcoin), and the email address you use (or plan to use) on Locals.com or Substack.com (or both).

50% Off DRM-Free, MP4 Downloads:

Want to be able to download every show The Lunduke Journal releases (and watch them on whatever device you like)? Yeah. You can do that. For 50% off.

Note: This DRM-Free download option does not include access to the Forum. This option is strictly for downloading the episodes.

Make a One Time Donation

Subscription not enough (or not your thing)? Want to toss in a one-time donation to The Lunduke Journal? There’s a few great options!

Via BitCoin:

Send any amount of BTC to the following address:

bc1qyjakve8fywm8pz2v99v57yhjj0vzr2vjze6fcq

  • Email "bryan at lunduke.com" with to let us know it was you! You can choose to keep your donation anonymous if you prefer. (Either way, all BTC donations get included in the matching deal.)

Via Locals:

  1. Go to Lunduke.Locals.com/support.

  2. Click “GIVE ONCE”.

  3. Enter any amount you like.

You Make This Possible

A huge thank you to all of the subscribers who have made The Lunduke Journal possible. Because of you, we have been able to do true Tech Journalism — to tell the stories that no other Tech News outlet has the cajones to touch.

And to all of you new Lunduke Journal subscribers (which, wow, there’s a lot of you): Welcome to the last bastion of truly independent, Big-Tech-Free, ad-free, non-Woke Tech Journalism.

-Lunduke

Read full Article
50% off Monthly, Yearly Subscriptions! Lifetime Subs for $100! Let's get everyone subscribing to The Lunduke Journal!

The number of free subscribers to The Lunduke Journal has absolutely exploded — across a bunch of platforms — which is truly amazing. The real Tech News is spreading farther than ever.

In fact, the free subscriber growth is so utterly massive, that if even a tiny fraction of you became a paying subscriber… The Lunduke Journal would become comfortably financially set for a very long time. Able to continue reporting on Big Tech — and corrupt Tech Foundations — well into the future.

All without taking a penny from Big Tech.

With that in mind, let’s do something awesome… something that will make Big Tech really grumpy.

Let’s get as many people subscribing to The Lunduke Journal as possible. Right now. This week. Let’s make this Big-Tech-Free, Non-Woke Tech News publication financially set for a good, long time.

To give everyone a kick-in-the-butt to help make that happen, I’m going to discount absolutely every type of subscription in a crazy way — through Friday, May 9th.

  • %50 off Monthly — Now $3 / Month (was $6 / Month)

  • %50 off Yearly — Now $27 / Year (was $54 / Year)

  • %50 off Yearly MP4 Downloads — Now $27 / Year (was $54 / Year)

  • %50 off Lifetime Subscriptions — Now $100 (was $200)

That Lifetime Subscription one is crazy.

Seriously. Make a one-time donation of $100, and be subscribed to The Lunduke Journal… for life. (This includes full access to the community Forum.)

If even 1% of the new free subscribers who have joined in the last month take advantage of this… The Lunduke Journal will be fully funded through the end of this year. And then some.

Let’s make it happen. Scroll down. Pick which ever subscription type works best for you. Then high-five yourself for making Big Tech grumpy.

Just be sure to do it by the end of the day on Friday, May 9th. The prices all go back to normal after that.

50% Off Yearly or Monthly Subscription:

50% off a Yearly or Monthly subscription to The Lunduke Journal are available via both Locals and Substack. (This includes full access to the community Forum.)

That means $3 / Month. Or $27 / Year (which works out to $2.25 / Month).

Via Lunduke.Locals.com:

Via Lunduke.Substack.com:

The Famous Lifetime Subscription:

The "World Famous Lunduke Journal Lifetime Subscription" is exactly what it sounds like. Pay once and get full access to The Lunduke Journal. For life.

And now, through Friday, May 9th… you can snag one at a crazy discount. Normally these are $200… but you can grab one for $100. (You can also pay more if you’d like to donate a little extra.)

The Lifetime Subscription can be obtained via Locals, Substack, or using Bitcoin. All three options work great and are super easy. Scroll down and choose your option.

How to get a Lifetime Subscription via Locals:

  1. Go to Lunduke.Locals.com/support.

  2. Select "Give Once".

  3. Enter "100" (or more) into the amount field.

  4. After checking out, Lunduke will toss you an email once your account is set to full lifetime status. (This usually happens within a few hours.)

How to get a Lifetime Subscription via Substack:

  1. Go to Lunduke.Substack.com/subscribe.

  2. Select the “Lifetime Subscription” option.

  3. After checking out, Lunduke will toss you an email once your account is set to full lifetime status. (This usually happens within a few hours.)

If you would also like full, Lifetime access to Lunduke.Locals.com (which is included):

  1. Make a free account on Lunduke.Locals.com.

  2. Email “bryan at lunduke.com” with the email address you use on both Substack and Locals (can be different email addresses).

  3. Lunduke will toss you an email once your account is set to full lifetime status on Locals.

How to get a Lifetime Subscription with Bitcoin:

You can also obtain a Lifetime Subscription via Bitcoin.

bc1qyjakve8fywm8pz2v99v57yhjj0vzr2vjze6fcq

  • Email "bryan at lunduke.com" with the following information: What time you made the transaction, how much was sent (in Bitcoin), and the email address you use (or plan to use) on Locals.com or Substack.com.

50% Off DRM-Free, MP4 Downloads:

Want to be able to download every show The Lunduke Journal releases (and watch them on whatever device you like)? Yeah. You can do that. For 50% off.

Note: This DRM-Free download option does not include access to the Forum. This option is strictly for downloading the episodes.

Make a One Time Donation

Subscription not enough (or not your thing)? Want to toss in a one-time donation to The Lunduke Journal? There’s a few great options!

Via BitCoin:

Send any amount of BTC to the following address:

bc1qyjakve8fywm8pz2v99v57yhjj0vzr2vjze6fcq

  • Email "bryan at lunduke.com" with to let us know it was you! You can choose to keep your donation anonymous if you prefer. (Either way, all BTC donations get included in the matching deal.)

Via Locals:

  1. Go to Lunduke.Locals.com/support.

  2. Click “GIVE ONCE”.

  3. Enter any amount you like.

You Make This Possible

A huge thank you to all of the subscribers who have made The Lunduke Journal possible. Because of you, we have been able to do true Tech Journalism — to tell the stories that no other Tech News outlet has the cajones to touch.

And to all of you new Lunduke Journal subscribers: Welcome to the last bastion of truly independent, Big-Tech-Free, ad-free, non-Woke Tech Journalism.

-Lunduke

Read full Article
Lunduke Interviewed by Side Scrollers

Yesterday I joined the Side Scrollers show for an hour-long interview.

We covered the Adobe Copyright fight, PewDiePie and Linux, Pokemon Go and the CIA, and how The Lunduke Journal came to be. Definitely worth a watch. I join the show around the 56 minute mark.

 

Next Monday (May 12th), I’ll be a guest on Citizen Podcast with Dan Hollaway.

Critically Important Reminder: The Lunduke Journal refuses to take any funding from Big Tech. The coverage from The Lunduke Journal is only possible because of you.

And with efforts to silence The Lunduke Journal ramping up (including fraudulent copyright take-downs on YouTube), your support is needed more than ever before. If you haven’t already become a subscriber… there’s a lot of options.

All of them make a huge difference:

Without your support, so many stories about Big Tech and Woke Tech would never get told.

Seriously. Now’s the time to support this work, if you are able.

And a huge thank you to each and every one of you. You are making the Tech World a better place.

-Lunduke

Read full Article
See More
Available on mobile and TV devices
google store google store app store app store
google store google store app tv store app tv store amazon store amazon store roku store roku store
Powered by Locals