Most Vulnerable Software of 2016: Anything Linux Based


This year Linux has taken the gold, silver, and bronze medal for software vulnerabilities, beating out notoriously unsafe applications such as Adobe Flash and Acrobat.

The Android Mobile OS, which is based on the Linux Kernel, took first place with 523 Common Vulnerabilities and Exposures (CVE). Second place for this dubious “award” went to Debian Linux with 319 vulnerabilities, and third to Ubunto Linux with 278 CVEs.

The Linux Kernel itself ranked at 10th place, higher in security holes than both the Mac OS X and every modern release of Windows or Windows Server. The statistic is based on vulnerabilities reported by security researchers and compiled by CVE Details.

The Most Vulnerable Software of 2016


You can imagine Apple is relishing the good news, considering the Mac OS X was 2015’s most vulnerable software. Here’s the list of past “winners”:

  • Apple Mac OS X in 2015 (444 bugs)
  • Internet Explorer in 2014 (243 bugs)
  • The Linux Kernel in 2013 (189 bugs)
  • Google Chrome in 2012 (249 bugs)
  • Google Chrome in 2011 (266 bugs)
  • Google Chrome in 2010 (152 bugs)
  • Mozilla Firefox in 2009 (126 bugs)
  • Mozilla Firefox tied with Apple OS X in 2008 (96 bugs)
  • PHP in 2007 (114 bugs)
  • Apple OS X in 2006 (106 bugs)
  • Linux Kernel in 2005 (133 bugs)

It seems Microsoft’s increased focus on security in 2016 has been paying off, something we’d already noticed in NSS Lab’s anti-malware tests, and with Server 2016’s Hyper-V.

Oracle is 2016’s Least Secure Software Vendor

Critical Patch: The Company rushed to fix 276 vulnerabilities in a July patch.

When it comes to software vendors, Oracle definitely took home the crown in 2016. It easily came in first with 793 reported software vulnerabilities. Most of the security bugs were reported in Oracle products such as MySQL, Solaris, and its custom Linux OS version.

Google took second place with 698 bugs, the majority of which were (unsurprisingly) in Android and Chrome. Adobe came third with 548 bugs, mostly in Flash Player and Reader/Acrobat.


Past vendors who have topped this chart of software vulnerabilities include:

  • Apple in 2015 (708 bugs)
  • IBM in 2014 (455 bugs)
  • Oracle in 2013 (496 bugs)
  • Oracle in 2012 (380 bugs)
  • Google in 2011 (295 bugs)

Are You Protected Against Software Breeches?

Even if you get end-point protection and regularly update your software, there’s a chance it will fail. And when it does, ransomware and malware slips through the cracks. The only surefire defense is to backup your data and applications, so you can swiftly restore them in case they’re compromised.

If you don’t have backup and disaster recovery software already, or even if you do, you should give BackupAssist a try. BackupAssist is the #1 Backup and Disaster Recovery software for Windows Servers, used by world-famous organizations such as NASA, Cessna, and M.I.T. Check out our free 30-day trial or read more here.

Share on email
Share on print
Share on facebook
Share on google
Share on twitter
Share on linkedin



Start your free 30-day trial today