The 2016 Common Vulnerabilities and Exposures (CVE) statistics are in and don’t make great reading for Google. Or do they?
Android tops the CVE charts for most insecure product (ahead of Debian, Ubuntu and Adobe Flash) and Google comes second (behind Oracle but ahead of both Adobe and Microsoft) in the insecure vendor listings. That’s according to a summation of the stats for 2016. If we dig a little deeper than the headline figures, and take the last couple of years into account, things don’t get any the rosier for Google. Both Apple products, and Apple as a vendor, have become ‘more secure’ over time using this metric whereas Google has gone in the opposite direction.
Measuring security by the number of distinct vulnerabilities disclosed across the year, however, is not really an accurate metric. SC Media UK asked the IT security industry what it made of the numbers, and the ‘face value’ headlines they have generated.