Lunduke
News • Science & Tech
Which Operating System has the Most Vulnerabilities?
Windows? iOS? Ubuntu? Do you know... for sure?
April 02, 2024
post photo preview

The recent, high profile software vulnerabilities have raised a number of questions about the security of our software.

Three questions which have been on my mind:

  1. Is software less secure now... than it used to be?
  2. Which has more vulnerabilities... Open Source Software or Closed Source Software?
  3. Which Operating System has the most vulnerabilities... and which has the least?

These seem like fair questions to ask.  And, considering the massive amount of data available, we should be able to arrive at some definitive answers.  Yet, when we see discussions around exactly these topics, most of the statements seem to be based on feelings and preferences... rather than hard facts.

Let's fix that.

First we need to grab details on all publicly known CVEs (aka "Common Vulnerabilities and Exposures") -- the standard way of publishing details around exploits and vulnerabilities -- and drill down into that data.  Luckily CVEdetails.com makes obtaining this data incredibly simple (the data below is obtained from there).

Is software less secure now... than it used to be?

The easiest way to begin answering this question is to track the number of CVEs reported per year... and put that data into a pretty graph.

At the current rate, 2024 will have more CVEs than any previous year.

And the results are... not exactly difficult to read.  It goes up pretty much every year -- accelerating, significantly, over the last few years.

  • 2022: 25,083
  • 2023: 29,065

That's a roughly 16% increase in the total reported CVEs... in just one year.

And, at the current rate (January through March of this year), 2024 is on track to hit 35,484 by the end of the year.  Which would be a 22% increase, year on year.

There are two likely possibilities which could explain this:

  1. We are getting much better at finding the vulnerabilities in software.
  2. We are adding more vulnerabilities to software.

And, in fact, both could absolutely be true.

Considering the ever-increasing complexity of our software systems (both in terms of total Lines of Code and number of interdependent systems), it seems reasonable that at least some portion of this dramatic increase in CVEs is thanks to us simply having more vulnerabilities in software.

This is about as close to a definitive answer as we are going to get: Based on the available data, yes.  Software is less secure now than it used to be.

Which Operating System has the most vulnerabilities... and which has the least?

Now let's pull data on all known CVEs... and sort them by Operating System (again, using data gathered from CVEdetails.com).

Behold.

Hello, Debian!

Your eyes do not deceive you.  Debian Linux has had the highest number of reported vulnerabilities, clocking in at a whopping 8,751.

  • Android is in second place, with 7,008 CVEs.
  • And Ubuntu Linux was trailing in third place, with 4,058.

Windows, iOS, and macOS all had significantly lower total numbers of reported vulnerabilities.

Note: I left a variety of BSD and UNIX systems off this list as their number of total CVEs was lower than the lowest entry on the chart.  FreeBSD: 488, OpenBSD: 188, NetBSD: 167, Solaris: 532.

But... that chart above only provides part of the picture, as it includes all CVEs ever reported.

Therefore, while it is a fascinating glimpse into past (and overall) vulnerability, it does not give us a good indicator of the current security of each given OS.

To solve that, let's look at a singular recent major version of each OS.  While the versions below are not all of the same age, each was chosen as: 1) a recent release, 2) publicly available for enough time to be somewhat well tested, and 3) with sufficient data available to be worth evaluating.

Yikes, Android!

The results clearly show Android as the Operating System with the largest number of known vulnerabilities (currently).

  • iOS (for iPhone) has roughly 10% of the reported CVEs as Android.  Or, to put another way, "1,000% more secure".
  • Both Windows and macOS clock in as measurably more secure than Ubuntu (in terms of total number of vulnerabilities found).

The old narrative that "Linux is more secure" appears to be... mostly untrue.

That said, it's entirely possible that the Open Source nature of Linux (and the software ecosystem around it) has enabled a higher percentage of vulnerabilities to be found, compared to Closed Source systems.  But that is purely speculative, and we need to go on what data we have available.

No matter which way you slice it -- modern versions of major Linux Distributions have significantly more known vulnerabilities than modern versions of Windows or macOS.

The Findings

We can safely declare, based on available data, the following:

Q: Is software less secure now... than it used to be?

A: Yes.  Demonstrably so.  And it's getting worse, year on year.

Q: Which Operating System has the most vulnerabilities... and which has the least?

A: Linux based systems contain the most reported vulnerabilities, with Android (Linux-based) leading the pack by a large margin.  Windows, macOS, iOS (and most BSD / UNIX systems) all have significantly fewer known vulnerabilities.

Q: Which has more vulnerabilities... Open Source Software or Closed Source Software?

A: This is a mixed bag.  Open Source BSD systems have significantly less known vulnerabilities (both in total, and per version) than the Closed Source Microsoft Windows.  At the same time, Open Source Linux (and Android) led the pack in vulnerabilities.  One thing we can say for sure: The most vulnerable systems are Open Source (to one degree or another).

I don't like these numbers any more than you do.  Don't shoot the messenger.

community logo
Join the Lunduke Community
To read more articles like this, sign up and join my community today
33
What else you may like…
Videos
Podcasts
Posts
Articles
Guy Buys GNU Emacs Book From Amazon... Gets "Hitler's Table Talk" in Disguise

The cover was for "The Org Mode Reference Manual" for Emacs. But what was inside... was something very different!

00:04:43
Ubuntu Replaces Sudo with Untested Rust Alternative in Next Release

The battle tested "sudo" is being dropped in favor of the not-finished, untested "sudo-rs"... entirely because it was written in Rust. And that's just the start of Ubuntu's Rust plans.

Plus: Lunduke's opinion on the real reason for replacing working GPL software with Rust re-writes.

00:17:15
GNOME Foundation Has a New Executive Director! (And He's Not a Shaman!)

After years of chaos, financial uncertainty, and bizarre antics... has the GNOME Foundation finally hired a normal nerd to run the show?

00:14:07
November 22, 2023
The futility of Ad-Blockers

Ads are filling the entirety of the Web -- websites, podcasts, YouTube videos, etc. -- at an increasing rate. Prices for those ad placements are plummeting. Consumers are desperate to use ad-blockers to make the web palatable. Google (and others) are desperate to break and block ad-blockers. All of which results in... more ads and lower pay for creators.

It's a fascinatingly annoying cycle. And there's only one viable way out of it.

Looking for the Podcast RSS feed or other links? Check here:
https://lunduke.locals.com/post/4619051/lunduke-journal-link-central-tm

Give the gift of The Lunduke Journal:
https://lunduke.locals.com/post/4898317/give-the-gift-of-the-lunduke-journal

The futility of Ad-Blockers
November 21, 2023
openSUSE says "No Lunduke allowed!"

Those in power with openSUSE make it clear they will not allow me anywhere near anything related to the openSUSE project. Ever. For any reason.

Well, that settles that, then! Guess I won't be contributing to openSUSE! 🤣

Looking for the Podcast RSS feed or other links?
https://lunduke.locals.com/post/4619051/lunduke-journal-link-central-tm

Give the gift of The Lunduke Journal:
https://lunduke.locals.com/post/4898317/give-the-gift-of-the-lunduke-journal

openSUSE says "No Lunduke allowed!"
September 13, 2023
"Andreas Kling creator of Serenity OS & Ladybird Web Browser" - Lunduke’s Big Tech Show - September 13th, 2023 - Ep 044

This episode is free for all to enjoy and share.

Be sure to subscribe here at Lunduke.Locals.com to get all shows & articles (including interviews with other amazing nerds).

"Andreas Kling creator of Serenity OS & Ladybird Web Browser" - Lunduke’s Big Tech Show - September 13th, 2023 - Ep 044
Holy smokes. Off to an amazing start!

A huge number of you have picked up subscriptions over the last 24 hours! Massive! Let's keep this training rolling!

If you haven't taken advantage of this yet, the "50% off everything, including Lifetime subscriptions" offer is available through the end of the day tomorrow (Friday, May 9th)!

All the details on how to get the discount:
https://lunduke.locals.com/post/6911069/50-off-monthly-yearly-subscriptions-lifetime-subs-for-100-lets-get-everyone-subscribing-to-the

Video of me talking about it and getting all excited:
https://lunduke.locals.com/post/6912043/50-off-monthly-yearly-lifetime-subscriptions-through-friday-may-9th

post photo preview

[Poll] Is This "Real Developers" at Work or A.I. or something else?

[from X.com] Collaboration Win by USOPM and DOGE -
🧙 💾 after 35+ years of failed modernization attempts, OPM has announced that, as of June 2, they are replacing their 65+ year old paper process with an all digital alternative. This will reduce the average time people wait to receive their retirement check from 3-5 months to less than 1 month.
https://x.com/DOGE/status/1920600696682131747

https://www.fedsmith.com/2025/05/07/opm-goes-digital-new-era-for-federal-retirement-processing/

50% off Monthly, Yearly Subscriptions! Lifetime Subs for $100! Let's get everyone subscribing to The Lunduke Journal!

The number of free subscribers to The Lunduke Journal has absolutely exploded — across a bunch of platforms — which is truly amazing. The real Tech News is spreading farther than ever.

In fact, the free subscriber growth is so utterly massive, that if even a tiny fraction of you became a paying subscriber… The Lunduke Journal would become comfortably financially set for a very long time. Able to continue reporting on Big Tech — and corrupt Tech Foundations — well into the future.

All without taking a penny from Big Tech.

With that in mind, let’s do something awesome… something that will make Big Tech really grumpy.

Let’s get as many people subscribing to The Lunduke Journal as possible. Right now. This week. Let’s make this Big-Tech-Free, Non-Woke Tech News publication financially set for a good, long time.

To give everyone a kick-in-the-butt to help make that happen, I’m going to discount absolutely every type of subscription in a crazy way — through Friday, May 9th.

  • %50 off Monthly — Now $3 / Month (was $6 / Month)

  • %50 off Yearly — Now $27 / Year (was $54 / Year)

  • %50 off Yearly MP4 Downloads — Now $27 / Year (was $54 / Year)

  • %50 off Lifetime Subscriptions — Now $100 (was $200)

That Lifetime Subscription one is crazy.

Seriously. Make a one-time donation of $100, and be subscribed to The Lunduke Journal… for life. (This includes full access to the community Forum.)

If even 1% of the new free subscribers who have joined in the last month take advantage of this… The Lunduke Journal will be fully funded through the end of this year. And then some.

Let’s make it happen. Scroll down. Pick which ever subscription type works best for you. Then high-five yourself for making Big Tech grumpy.

Just be sure to do it by the end of the day on Friday, May 9th. The prices all go back to normal after that.

50% Off Yearly or Monthly Subscription:

50% off a Yearly or Monthly subscription to The Lunduke Journal are available via both Locals and Substack. (This includes full access to the community Forum.)

That means $3 / Month. Or $27 / Year (which works out to $2.25 / Month).

Via Lunduke.Locals.com:

Via Lunduke.Substack.com:

The Famous Lifetime Subscription:

The "World Famous Lunduke Journal Lifetime Subscription" is exactly what it sounds like. Pay once and get full access to The Lunduke Journal. For life.

And now, through Friday, May 9th… you can snag one at a crazy discount. Normally these are $200… but you can grab one for $100. (You can also pay more if you’d like to donate a little extra.)

The Lifetime Subscription can be obtained via Locals, Substack, or using Bitcoin. All three options work great and are super easy. Scroll down and choose your option.

How to get a Lifetime Subscription via Locals:

  1. Go to Lunduke.Locals.com/support.

  2. Select "Give Once".

  3. Enter "100" (or more) into the amount field.

  4. After checking out, Lunduke will toss you an email once your account is set to full lifetime status. (This usually happens within a few hours.)

How to get a Lifetime Subscription via Substack:

  1. Go to Lunduke.Substack.com/subscribe.

  2. Select the “Lifetime Subscription” option.

  3. After checking out, Lunduke will toss you an email once your account is set to full lifetime status. (This usually happens within a few hours.)

If you would also like full, Lifetime access to Lunduke.Locals.com (which is included):

  1. Make a free account on Lunduke.Locals.com.

  2. Email “bryan at lunduke.com” with the email address you use on both Substack and Locals (can be different email addresses).

  3. Lunduke will toss you an email once your account is set to full lifetime status on Locals.

How to get a Lifetime Subscription with Bitcoin:

You can also obtain a Lifetime Subscription via Bitcoin.

bc1qyjakve8fywm8pz2v99v57yhjj0vzr2vjze6fcq

  • Email "bryan at lunduke.com" with the following information: What time you made the transaction, how much was sent (in Bitcoin), and the email address you use (or plan to use) on Locals.com or Substack.com.

50% Off DRM-Free, MP4 Downloads:

Want to be able to download every show The Lunduke Journal releases (and watch them on whatever device you like)? Yeah. You can do that. For 50% off.

Note: This DRM-Free download option does not include access to the Forum. This option is strictly for downloading the episodes.

Make a One Time Donation

Subscription not enough (or not your thing)? Want to toss in a one-time donation to The Lunduke Journal? There’s a few great options!

Via BitCoin:

Send any amount of BTC to the following address:

bc1qyjakve8fywm8pz2v99v57yhjj0vzr2vjze6fcq

  • Email "bryan at lunduke.com" with to let us know it was you! You can choose to keep your donation anonymous if you prefer. (Either way, all BTC donations get included in the matching deal.)

Via Locals:

  1. Go to Lunduke.Locals.com/support.

  2. Click “GIVE ONCE”.

  3. Enter any amount you like.

You Make This Possible

A huge thank you to all of the subscribers who have made The Lunduke Journal possible. Because of you, we have been able to do true Tech Journalism — to tell the stories that no other Tech News outlet has the cajones to touch.

And to all of you new Lunduke Journal subscribers: Welcome to the last bastion of truly independent, Big-Tech-Free, ad-free, non-Woke Tech Journalism.

-Lunduke

Read full Article
Lunduke Interviewed by Side Scrollers

Yesterday I joined the Side Scrollers show for an hour-long interview.

We covered the Adobe Copyright fight, PewDiePie and Linux, Pokemon Go and the CIA, and how The Lunduke Journal came to be. Definitely worth a watch. I join the show around the 56 minute mark.

 

Next Monday (May 12th), I’ll be a guest on Citizen Podcast with Dan Hollaway.

Critically Important Reminder: The Lunduke Journal refuses to take any funding from Big Tech. The coverage from The Lunduke Journal is only possible because of you.

And with efforts to silence The Lunduke Journal ramping up (including fraudulent copyright take-downs on YouTube), your support is needed more than ever before. If you haven’t already become a subscriber… there’s a lot of options.

All of them make a huge difference:

Without your support, so many stories about Big Tech and Woke Tech would never get told.

Seriously. Now’s the time to support this work, if you are able.

And a huge thank you to each and every one of you. You are making the Tech World a better place.

-Lunduke

Read full Article
Adobe silences Lunduke, "GNOME is Antifa", & Linux Leftists v. PewDiePie
The Lunduke Journal coverage for the week ending May 4th, 2025.

This has been one heck of a weird week — both for Open Source in general, and The Lunduke Journal in particular.

From GNOME contributors declaring that “GNOME is Antifa” to Open Source project leaders declaring that they intend to block PewDiePie fans from using Linux — because PewDiePie fans are, according to Open Source Leftists, “fascists”. Just plain weird.

And, of course, the saga of Adobe working to silence The Lunduke Journal continues to march forward.

As usual, most of these stories were not only broken by The Lunduke Journal… but most Tech News outlets have refused to cover them at all.

Highlights from the last week (ending Sunday, May 4th, 2025):

Those links are all to X — but you can also find all of these shows on every other platform where The Lunduke Journal is available (including Rumble, Podcast, YouTube, and the rest).

Reminder: The Lunduke Journal refuses to take any funding from Big Tech. This type of reporting is only possible through the support of all of you. There are a number of ways you can help out — and, big or small, every option goes directly towards funding this work.

Without your support, so many stories about Big Tech and Woke Tech would never get told.

Seriously. You make The Lunduke Journal possible.

Thank you.

-Lunduke

Read full Article
See More
Available on mobile and TV devices
google store google store app store app store
google store google store app tv store app tv store amazon store amazon store roku store roku store
Powered by Locals