Apple tops public vulnerability table

It seems Apple has had more software flaws outed in the first half of the year - even more than the likes of Microsoft or Adobe - if the latest Threat Report from Trend Micro. is to be believed.

According to the Cupertino-based company, its neighbour, the all-conquering maker of elastic-band-powered phones notched up almost 180 entries on Trend's Common Vulnerabilities and Exposures (CVE) list. The list tracks the number of vulnerabilities that are made public. There are plenty that aren't.

Source: Trend Micro

Observers could be forgiven for scratching their heads and saying, 'Gor blimey guvnor, Adobe and Microsoft are releasing patches for vulnerabilities left right and centre'.

Indeed, they are.

Apple is too. But the outfit is far too savvy to make a song and dance about the whole thing, so it patches on the quiet without revealing more details that it deems necessary about how flaky its software may or may not be.

Trend says,"The presentation of vulnerability information to the general public leaves much to be desired. While some vendors present vulnerability information publicly
in well-organised bulletins, others do so in a more ad hoc manner or hide the information behind paywalls on their websites. This makes proper threat assessment on the
part of users - both enterprise and consumer - much more difficult."

Trend says that 2,552 vulnerabilities were published in the first half of 2010, slightly fewer than last year. The firm notes, however, that not all vulnerabilities receive a CVE. "Many vulnerabilities that are privately reported to vendors are not included in the system," apparently.

The report notes: "While some vendors receive a significant amount of press attention for vulnerabilities, this chart serves as a reminder that the threat is far more multi-pronged than just patching Windows or updating Flash and Acrobat/Reader. In addition, some of the vendors with large numbers of vulnerabilities focus on enterprise software, with correspondingly longer patch cycles that potentially leave users at risk."