Adobe and Firefox Top Buggiest Software List

According to statistics compiled by vulnerability management firm Qualys, Adobe’s software products and Mozilla’s Firefox took the top two spots in a list of the buggiest software. The source of the information gathered comes from the National Vulnerability Database, a US government-run organization which tracks all of the important vulnerabilities from hundreds of popular software products.

It’s important to note that while both Adobe’s products and Firefox top this list, it doesn’t necessarily mean that they’re the most vulnerable software on the market, but rather that they have the most reported holes. Firefox in particular, due to its open-sourced nature, has holes patched up fairly quickly, so it can be argued that despite having a record number of vulnerabilities, it’s also incredibly secure.

On the opposite end of the stick, Adobe’s software is not open-sourced, so vulnerabilities are completely left up to the company to both acknowledge (unless an exploiter spots it first) and repair. Given the sheer number of times my installed Adobe software asks me to update, I’d have to assume that the company is fairly quick when it comes to issuing patches, but it’s hard to say for certain.

What is known for certain is that in the span of a single year, Adobe’s vulnerabilities sky-rocketed – from 14 in 2008, to 45 this year. Any way you look at it, that’s a major boost. It also shows that software crackers/attackers have been making a gradual shift from exploiting operating systems to applications. As Microsoft’s number dropped from 44 holes in 2008 to 41 this year, it helps back up the theory. As a whole, though, all of this information emphasizes the need to keep your software up to date, regardless of what it is… but especially if it’s a popular application.

Research from F-Secure earlier this year provides further evidence that holes in Adobe applications are being targeted more than Microsoft apps. During the first three months of 2009, F-Secure discovered 663 targeted attack files, the most popular type being PDFs at nearly 50 percent, followed by Microsoft Word at nearly 40 percent, Excel at 7 percent, and PowerPoint at 4.5 percent.