When software specialists find a security flaw or vulnerability in a program, one that could open a gateway into your system, the flaw needs to be named unambiguously and recorded in a standard database that everyone can consult.
Such a database is the Common Vulnerabilities and Exposures catalog, maintained since 1999 by the non-profit MITRE Corporation in the USA. Over the years it has effectively become a standard, known as CVE, which assigns a number to each recorded flaw. The catalog holds over 147,000 entries, including flaws that made it into the mass media. Examples include Spectre and Meltdown, which plagued Intel in particular at the turn of 2017 and 2018, or Heartbleed, which caused panic a few years later when experts came across a serious flaw in the widely used OpenSSL encryption library.
A place at the top does not automatically mean that company X cannot write software or that company Y's products are leakier than anyone else's. On the contrary, it can be evidence of thorough internal and external code audits, which is especially true for large companies. In short, the annual statistics are often dominated by Microsoft, Google and the like, because all of these large companies develop a huge number of critical programs, and it is in the interest of the entire IT community that they be subject to the greatest possible scrutiny.
If someone discovers a critical vulnerability that could open a back door into Windows or Android, for example, that is good news: a good hacker documents the bug and publishes it, the author then fixes it, and an evil hacker can no longer abuse it.
Of course, it would be great if there were no errors, but given the complexity of today's code that is virtually impossible. That is why experts must find these bugs and fix them.
The rankings below are based on the derived NVD database, the National Vulnerability Database, which also contains every reported CVE vulnerability. So which companies could we count among the healthiest of 2020?
Microsoft and Cisco appear by far the most often, but most of the other big software names are present in the top fifteen as well. In parentheses is the number of times the manufacturer occurs across the affected products in 2020.
Microsoft (14,299)
Cisco (11,885)
Juniper Networks (8,055)
Intel (5,978)
VMware (3,695)
Qualcomm (3,648)
Oracle (3,398)
F5 Networks (3,078)
HP (1,971)
Netgear (1,738)
Google (1,502)
IBM (1,290)
Apple (1,237)
Adobe (1,186)
CData (1,120)
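To make the counting rule behind these numbers concrete, here is an added Python example (not code from the article, nor NVD's own tooling) that tallies how often a vendor and a product occur across the affected products of a set of vulnerabilities. The records, their layout and the CVE ids are constructed placeholders in the shape of an NVD feed item; the CPE 2.3 URI format itself is the real one NVD uses.

```python
import re
from collections import Counter

# Constructed sample records (assumption: only the CVE id and the CPE 2.3 URIs
# of its affected products are kept; the ids are placeholders, not real CVEs).
SAMPLE_ITEMS = [
    {"cve": "CVE-2020-EXAMPLE-1", "cpe23": [
        "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
        "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*",
        "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
        "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*"]},
    {"cve": "CVE-2020-EXAMPLE-2", "cpe23": [
        "cpe:2.3:o:juniper:junos:18.4:*:*:*:*:*:*:*",
        "cpe:2.3:o:juniper:junos:19.1:*:*:*:*:*:*:*"]},
    {"cve": "CVE-2020-EXAMPLE-3", "cpe23": [
        "cpe:2.3:a:cdata:example_driver:*:*:*:*:*:*:*:*",
        "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"]},
]

# CPE 2.3 URIs are colon-separated; a literal ':' inside a value is escaped as '\:'.
_UNESCAPED_COLON = re.compile(r"(?<!\\):")


def split_cpe23(uri):
    """Return (part, vendor, product) from a CPE 2.3 URI, unescaping '\\:'."""
    fields = _UNESCAPED_COLON.split(uri)
    if len(fields) != 13 or fields[0] != "cpe" or fields[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 URI: {uri!r}")
    part, vendor, product = fields[2:5]
    return part, vendor.replace("\\:", ":"), product.replace("\\:", ":")


def tally(items):
    """Count, per vendor and per (vendor, product), how many vulnerabilities list
    it among their affected products. Several versions of the same product in one
    record count once for that record, but each distinct product counts separately,
    so one flaw hitting three Windows editions adds three to the vendor's tally."""
    vendors, products = Counter(), Counter()
    for item in items:
        seen = {split_cpe23(uri)[1:] for uri in item["cpe23"]}
        for vendor, product in seen:
            vendors[vendor] += 1
            products[(vendor, product)] += 1
    return vendors, products


if __name__ == "__main__":
    vendor_counts, product_counts = tally(SAMPLE_ITEMS)
    for vendor, n in vendor_counts.most_common():
        print(f"{vendor} ({n})")
```

Run on the sample, Microsoft is counted four times although only two records mention it, which is exactly why a vendor's figure in the ranking above can exceed its number of CVEs.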
In the next ranking, manufacturers are replaced by product names. This means that if we came across the Android operating system most often among the products affected by vulnerabilities, it would also reign over our second ranking.
But it turned out a little differently: the most cited product in NIST's catalog in 2020 was Juniper's specialized Junos operating system, which is based on FreeBSD and runs Juniper's enterprise networking equipment. Windows 10 takes second place, and Android is present in the list below as well.
Juniper Junos (7,998)
Microsoft Windows 10 (5,709)
Cisco IOS (5,473)
VMware ESXi (3,448)
Cisco IOS XE (3,276)
Microsoft Windows Server 2016 (2,979)
HP Intelligent Management Center (1,651)
Oracle OpenJDK (1,393)
Google Android (1,192)
Microsoft Windows Server 2008 (910)
Microsoft Windows Server 2012 (851)
Microsoft Windows Server 2019 (779)
Gitlab Gitlab (635)
Cisco NX-OS (556)
Symantec Endpoint Protection (54)
Although the discovery of a critical flaw in a popular product always causes a negative sensation and is hardly the best advertisement at first glance, more generally it is in a way good news. Documenting and fixing the flaw reduces the room attackers have to abuse it.