Speaking at the Microsoft Worldwide Partner Conference (WPC), COO Kevin Turner told attendees that Microsoft's archrival Apple is now No. 1 in software vulnerabilities, with database rival Oracle in the No. 2 spot. It's a tantalizing claim and good marketing for Microsoft, but does it point to deeper truths about the challenges Microsoft faces?
I'm not sure where Turner got his data -- the COO sourced his comments as "one of the last surveys that I saw in the marketplace" -- but I'd guess it was Danish security research firm Secunia's Half Year Report for 2010, which ranked Apple No. 1, Oracle No. 2, and Microsoft No. 3 in its list of the top 10 sources of software vulnerabilities. Not surprisingly, a close read of that report yields some data points that didn't make it into Turner's speech.
[ Keep up on the day's tech news headlines with InfoWorld's Today's Headlines: First Look newsletter. | Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]
First, Apple's ascendancy to the top of the reported vulnerabilities list isn't really news. Measured by MITRE's list of Common Vulnerabilities and Exposures, Apple has surpassed Microsoft in vulnerabilities for at least the last four years, but has only recently overtaken software giant Oracle, which takes the rap for vulnerabilities across a broad portfolio, including BEA and Sun products. In fact, Microsoft's ranking has held steady at No. 3 since mid-2006 -- which may be due to the company's embrace of SDL (secure development lifecycle) in the last five years.
So how might Apple's top rank be bad news for Microsoft? As the Secunia report points out, the discovery of software vulnerabilities correlates closely with the popularity of the platform itself. In other words, researchers and hackers are finding more holes in Apple's operating system and applications because they're paying more attention to an increasingly successful platform.