2006 is a bad year for all software, Linux included

* So far this year's reported vulnerabilities for apps and operating systems already exceeds last year's total

It has proven to be the year of living dangerously, if you are using a computer that's attached too the Internet - not so much if you're using a Linux-based machine.

Security vendor Internet Security Systems finds that the number of reported vulnerabilities for applications and operating systems has already exceeded the number reported all last year. As of October, 5,300 vulnerabilities have been reported. In all of 2005, 5,195 were discovered, according to ISS.

The majority of the vulnerabilities were attributed to Microsoft operating systems, which racked up 871, while Unix operating systems accounted for 701 vulnerabilities. The Linux kernel itself came out fairly clean, with only 38 vulnerabilities directly affecting the kernel.

However, the vulnerabilities for Linux grew when two factors were considered, ISS says: the number of vulnerabilities for individual Linux distributions, and the number of application and general vulnerabilities that can affect cross-platform systems. When this broader scope was considered, over 3,219 vulnerabilities applied to Linux systems running certain applications, as well as other operating systems running those applications.

Other open source-based applications registering on ISS's watch list for the year included all Mozilla applications - Firefox, Thunderbird, etc. - which had 65 vulnerabilities, and Apple's BSD-based MacOS X, which had 14 vulnerabilities as of August, ISS says.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Now read: Getting grounded in IoT