What operating system has the most vulnerabilies?
From US-CERT:
Cyber Security Bulletin 2005 Summary
2005 Year-End Index
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.This bulletin provides a year-end summary of software vulnerabilities that were identified between January 2005 and December 2005. The information is presented only as a index with links to the US-CERT Cyber Security Bulletin the information was published in. There were 5198 reported vulnerabilities: 812 Windows operating system vulnerabilities; 2328 Unix/Linux operating vulnerabilities; and 2058 Multiple operating system vulnerabilities.
Emphasis mine. The bulletin lists all of the vulnerabilities by operating system. Note they have Apple/Mac included in the Unix/Linux category.
I was looking for stats on market share for operating systems and found this. I can't vouch for the accuracy of these stats, but here's the rundown.
Windows XP 77.92%
Windows 2000 9.82%
Windows 98 4.78%
Mac OS 4.11%
Windows ME 1.99%
Windows NT 0.86%
Linux 0.30%
Windows 95 0.12%
Web TV 0.03%
Windows CE 0.02%
SunOS sun4u 0.01%
PSP 0.01%
Hiptop 0.01%
Unknown 0.00%
FreeBSD i386 0.00%
What if Mac OS and Linux were at the top of the list? Would those 2328 'nix vulnerabilities (which include Apple/Mac) result in massive exploits putting malware/spyware on those machines? I don't know, but I think it's food for thought. If Mac and 'nix had top market share, my guess is the malware pushers would be all over them. Comments?
US-CERT link via Security Fix.