Analysis shows over the last decade Windows 10 had fewer vulnerabilities than Linux, Mac OS X and Android

An analysis of the National Institute of Standards and Technology’s National Vulnerability Database has shown that, if the number of vulnerabilities is any indication of exploitability, Windows 10 appears to be a lot safer than Android, Mac OS or Linux.


Over the last decade, Debian Linux had 3067 technical vulnerabilities, which they defined as “a characteristic or configuration that can be exploited by an attacker to gain unauthorized access or misuse a network and its resources.” Next was Android with 2563, the Linux kernel with 2357 and Mac OSX with 2212.

Windows 10 only recorded 1111 technical vulnerabilities, and even if we add Windows 10 (released in 2015) to Windows 7 (released in 2009), the total is still much less than Android and Debian Linux.

Of course, Microsoft has many more products than Windows, and this means the software giant also has a much bigger load of vulnerabilities.

vulnerable vendors

Microsoft tops the list at 6814 reported vulnerabilities collected over the decade, but only have 12.9 vulnerabilities per product, versus 54.4 for Google and 37.9 for Apple.

Of course, the raw numbers do not tell the whole story, as some vulnerabilities are more serious than others.

That showed that unsurprisingly Adobe Acrobat and Flashplayer was the most dangerous software to have on your PC, thought Microsoft Office and Internet Explorer were not too far behind. The absence of newer platforms like Chrome or Windows 10 shows companies have become better at mitigating vulnerabilities and built-up better defence in depth.

The report also notes that while thousands of technical vulnerabilities may be alarming, vulnerabilities are detected, on average, within 197 days and contained in 69.

The main takeaway from the analysis appears to remain on the latest version of the platform your vendor offers and of course to stay patched.

The full report, with much more detail, can be read here.

Leave a Reply

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}