Lunduke
News • Science & Tech
Which Operating System has the Most Vulnerabilities?
Windows? iOS? Ubuntu? Do you know... for sure?
April 02, 2024
post photo preview

The recent, high profile software vulnerabilities have raised a number of questions about the security of our software.

Three questions which have been on my mind:

  1. Is software less secure now... than it used to be?
  2. Which has more vulnerabilities... Open Source Software or Closed Source Software?
  3. Which Operating System has the most vulnerabilities... and which has the least?

These seem like fair questions to ask.  And, considering the massive amount of data available, we should be able to arrive at some definitive answers.  Yet, when we see discussions around exactly these topics, most of the statements seem to be based on feelings and preferences... rather than hard facts.

Let's fix that.

First we need to grab details on all publicly known CVEs (aka "Common Vulnerabilities and Exposures") -- the standard way of publishing details around exploits and vulnerabilities -- and drill down into that data.  Luckily CVEdetails.com makes obtaining this data incredibly simple (the data below is obtained from there).

Is software less secure now... than it used to be?

The easiest way to begin answering this question is to track the number of CVEs reported per year... and put that data into a pretty graph.

At the current rate, 2024 will have more CVEs than any previous year.

And the results are... not exactly difficult to read.  It goes up pretty much every year -- accelerating, significantly, over the last few years.

  • 2022: 25,083
  • 2023: 29,065

That's a roughly 16% increase in the total reported CVEs... in just one year.

And, at the current rate (January through March of this year), 2024 is on track to hit 35,484 by the end of the year.  Which would be a 22% increase, year on year.

There are two likely possibilities which could explain this:

  1. We are getting much better at finding the vulnerabilities in software.
  2. We are adding more vulnerabilities to software.

And, in fact, both could absolutely be true.

Considering the ever-increasing complexity of our software systems (both in terms of total Lines of Code and number of interdependent systems), it seems reasonable that at least some portion of this dramatic increase in CVEs is thanks to us simply having more vulnerabilities in software.

This is about as close to a definitive answer as we are going to get: Based on the available data, yes.  Software is less secure now than it used to be.

Which Operating System has the most vulnerabilities... and which has the least?

Now let's pull data on all known CVEs... and sort them by Operating System (again, using data gathered from CVEdetails.com).

Behold.

Hello, Debian!

Your eyes do not deceive you.  Debian Linux has had the highest number of reported vulnerabilities, clocking in at a whopping 8,751.

  • Android is in second place, with 7,008 CVEs.
  • And Ubuntu Linux was trailing in third place, with 4,058.

Windows, iOS, and macOS all had significantly lower total numbers of reported vulnerabilities.

Note: I left a variety of BSD and UNIX systems off this list as their number of total CVEs was lower than the lowest entry on the chart.  FreeBSD: 488, OpenBSD: 188, NetBSD: 167, Solaris: 532.

But... that chart above only provides part of the picture, as it includes all CVEs ever reported.

Therefore, while it is a fascinating glimpse into past (and overall) vulnerability, it does not give us a good indicator of the current security of each given OS.

To solve that, let's look at a singular recent major version of each OS.  While the versions below are not all of the same age, each was chosen as: 1) a recent release, 2) publicly available for enough time to be somewhat well tested, and 3) with sufficient data available to be worth evaluating.

Yikes, Android!

The results clearly show Android as the Operating System with the largest number of known vulnerabilities (currently).

  • iOS (for iPhone) has roughly 10% of the reported CVEs as Android.  Or, to put another way, "1,000% more secure".
  • Both Windows and macOS clock in as measurably more secure than Ubuntu (in terms of total number of vulnerabilities found).

The old narrative that "Linux is more secure" appears to be... mostly untrue.

That said, it's entirely possible that the Open Source nature of Linux (and the software ecosystem around it) has enabled a higher percentage of vulnerabilities to be found, compared to Closed Source systems.  But that is purely speculative, and we need to go on what data we have available.

No matter which way you slice it -- modern versions of major Linux Distributions have significantly more known vulnerabilities than modern versions of Windows or macOS.

The Findings

We can safely declare, based on available data, the following:

Q: Is software less secure now... than it used to be?

A: Yes.  Demonstrably so.  And it's getting worse, year on year.

Q: Which Operating System has the most vulnerabilities... and which has the least?

A: Linux based systems contain the most reported vulnerabilities, with Android (Linux-based) leading the pack by a large margin.  Windows, macOS, iOS (and most BSD / UNIX systems) all have significantly fewer known vulnerabilities.

Q: Which has more vulnerabilities... Open Source Software or Closed Source Software?

A: This is a mixed bag.  Open Source BSD systems have significantly less known vulnerabilities (both in total, and per version) than the Closed Source Microsoft Windows.  At the same time, Open Source Linux (and Android) led the pack in vulnerabilities.  One thing we can say for sure: The most vulnerable systems are Open Source (to one degree or another).

I don't like these numbers any more than you do.  Don't shoot the messenger.

community logo
Join the Lunduke Community
To read more articles like this, sign up and join my community today
33
What else you may like…
Videos
Podcasts
Posts
Articles
Get a Subscription, Give a Subscription

The "Buy One, Give One" Lunduke Journal offer is good through Friday, October 10th.

The Details:
https://lunduke.substack.com/p/get-a-subscription-give-a-subscription

More from The Lunduke Journal:
https://lunduke.com/

00:04:30
NixOS Mod Admits Reason for Coup is "Trump"

Also, NixOS delays release "Due to Recent Events". Aka... the attempted coup.

More from The Lunduke Journal:
https://lunduke.com/

00:08:05
October 03, 2025
Debian: XLibre is Not Allowed, Devs Are Nazis

Reminder: Debian allows convicted child rapists to be Debian team members. Also, Debian left X.com, citing "Gender"& "Diversity", and offers internships... but not to Straight White Men.

More from The Lunduke Journal:
https://lunduke.com/

00:19:38
November 22, 2023
The futility of Ad-Blockers

Ads are filling the entirety of the Web -- websites, podcasts, YouTube videos, etc. -- at an increasing rate. Prices for those ad placements are plummeting. Consumers are desperate to use ad-blockers to make the web palatable. Google (and others) are desperate to break and block ad-blockers. All of which results in... more ads and lower pay for creators.

It's a fascinatingly annoying cycle. And there's only one viable way out of it.

Looking for the Podcast RSS feed or other links? Check here:
https://lunduke.locals.com/post/4619051/lunduke-journal-link-central-tm

Give the gift of The Lunduke Journal:
https://lunduke.locals.com/post/4898317/give-the-gift-of-the-lunduke-journal

The futility of Ad-Blockers
November 21, 2023
openSUSE says "No Lunduke allowed!"

Those in power with openSUSE make it clear they will not allow me anywhere near anything related to the openSUSE project. Ever. For any reason.

Well, that settles that, then! Guess I won't be contributing to openSUSE! 🤣

Looking for the Podcast RSS feed or other links?
https://lunduke.locals.com/post/4619051/lunduke-journal-link-central-tm

Give the gift of The Lunduke Journal:
https://lunduke.locals.com/post/4898317/give-the-gift-of-the-lunduke-journal

openSUSE says "No Lunduke allowed!"
September 13, 2023
"Andreas Kling creator of Serenity OS & Ladybird Web Browser" - Lunduke’s Big Tech Show - September 13th, 2023 - Ep 044

This episode is free for all to enjoy and share.

Be sure to subscribe here at Lunduke.Locals.com to get all shows & articles (including interviews with other amazing nerds).

"Andreas Kling creator of Serenity OS & Ladybird Web Browser" - Lunduke’s Big Tech Show - September 13th, 2023 - Ep 044

Computers are boring...
Here me out here. Pictures below is a motherboard from late 2008. Is an Asus P6T X58 motherboard. You have tons of options and caveats. Want the fastest RAM? You're restricted to 6GB DDR3. Want to max out the RAM? 24GB but you're restricted to 1333 speeds.
You can use SATA, IDE, even floppy. PCI and PCI Express. All options. All things you have to take into consideration.
There are so many parts to consider.
For a nerd, this is like assembling a puzzle. You have to consider how it's all going to work together.
Now?
Well, now you get like 2 PCIe slots and 2 RAM slots, and anything that does anything special is just going to use USB. It all just works. There are only a very few things you have to consider.
That's boring.
It's like taking a puzzle and all sides are the same and each piece is numbered.
Grant it, 99% of the population just wants to put a picture on the wall. But if you like doing puzzles, you want a challenge. And nobody offers a new challenge.
This is why I ...

post photo preview
12 hours ago

A 6502 compiler!! @GeekOnSkates
https://llvm-mos.org/wiki/Welcome

16 hours ago

I think it's cooked. Sadly....

Google is Killing Open Source Android Apps (Here's Why) - YouTube

September 18, 2025
Final Reminder: Lifetime Price Increase in 24 hours

This is just a super quick reminder (so no body misses out):

This Friday (September 19th), the price of a new Lifetime Subscription to The Lunduke Journal will be increasing from $200 to $300.

Which means: If you want to pick up a new Lifetime Subscription for the lower price, simply grab one (via Locals, Substack, or Bitcoin) by Thursday night (Sep 18th). That’s roughly 24 hours from the moment I am writing these words.

Obviously, once you have a Lifetime Subscription you’re set. You know. For life.

I wanted to give all of you some notice so you could grab one at the lower rate.

Also worth noting: The Lunduke Journal has phased out sales and discount promotions. The current price of a subscription is the best price.

This will be the final reminder before the change goes into effect.

-Lunduke

Read full Article
September 15, 2025
post photo preview
Lunduke Livestream: Tue, Sep 16 at 1pm Eastern

The Lunduke Journal regular live-streaming is back! The next show is Tuesday, September 16th (tomorrow) at 1pm Eastern (10am Pacific, 5pm UTC).

You can catch the live video, for free, on X, Rumble, YouTube, & Locals.

We’ve got a lot of Tech News to cover — and who knows what stories will pop up between now and then!

Time permitting, we’ll also be doing a little Nerdy Q & A. So, if you’ve got something you’d like to ask, join us in one of the chat rooms!

Also, quick reminder that the price of new Lifetime Subscription is going up this Friday. If you want one at the lower price, now’s your moment. We’ve also added some new perks for subscribers worth checking out.

See you nerd tomorrow!

-Lunduke

Read full Article
September 14, 2025
New Lunduke Journal Sub Perks, Lifetime Price Increase Next Week

A quick update: There are some new perks for Lunduke Journal subscribers, and an upcoming price increase for new Lifetime Subscriptions (if you want one of those at the lower price, you have a couple days).

All the details below.

Lifetime Subscription Price Increase

This coming Friday (September 19th), the price of a new Lifetime Subscription to The Lunduke Journal will be increasing from $200 to $300. I wanted to give all of you a few days notice so you could grab one at the lower rate.

If you want to pick up a Lifetime Subscription for the lower price, simply grab one (via Locals, Substack, or Bitcoin) by Thursday night (Sep 18th).

The prices for new Yearly and Monthly subscriptions will remain the same. No changes.

Reminder: The Lunduke Journal has phased out sales and discount promotions. The current price of a subscription is the best price.

New Perks for Lunduke Journal Subscribers

I am working on adding a few new perks for Lunduke Journal subscribers — a way of saying “Thank You” for making this work possible (while still keeping all of the articles and shows free for the world).

Here are the perks as of today.

Perks for all Subscribers (Monthly, Yearly, and Lifetime):

Note: The eBooks & Games are currently only available on Locals & Substack (due to platform features). Those perks will also become available to subscribers on X, YouTube, & Patreon next week. Stay tuned for access details.

Additional (Optional) Perks only for Lifetime Subscribers:

  • The Lunduke Journal will follow your account on X.

  • Your name (real, or internet handle) listed in a special thanks slide at the end of new Lunduke Journal videos.

Both of these perks are 100% optional.

If you are a Lifetime Subscriber, and would like to take advantage of either (or both), simply email “bryan at lunduke.com” with the subject line “Lifetime Perk” (that part is important, I get so many emails this will help me see yours) and include a link to your X profile and/or the way you want your name to appear at the end of videos.

One of the nice parts of having Lunduke Journal follow your X account… is it will make it far easier (and more likely) for me to see your comments.

Thank You

I am working to expand all of the regular perks (books, etc.) to subscribers across all platforms (which was a little tricky, considering the differences in each platform, but I managed to figure out how to do it) — while adding a few new ones as well.

Nothing crazy, just a way of saying “Thank You”.

Seriously.

From the bottom of my heart, thank you for your support. The Lunduke Journal is only possible thanks to each and every one of you.

-Lunduke

Read full Article
See More
Available on mobile and TV devices
google store google store app store app store
google store google store app tv store app tv store amazon store amazon store roku store roku store
Powered by Locals