CVE Top 50 Vulnerabilities issue

I’m not an Apple user by any means but I think there is a slight misconception when it comes to the top 50 list mentioned in the video. I know you said the Windows OSes are split up but you made a point that Apple was at the top of the list for the most vulnerabilities.

Today there are 1890 total vulnerabilites for Mac OSX. This is the only OS for Mac that is used on the website since they don’t separate it by Siera, El Capitan… etc. It’s all grouped into one.

Windows however, is all separated but when you group it the way Mac OSX is, then you get a whole different story. Honestly this is the story that matters, considering that by grouping them, we will have a better understanding of vulnerabilites by the same time frame. When you take Windows 10, 8.1, 7, Vista, XP and 2000, you get 3,802 Vulnerabilities vs Mac OSX with only 1890.

Now you said the main vulnerabilites you have to worry about were the ones that execute code. So for the sake of not wasting more of my time for this pointless topic (honestly it really doesn’t matter, I just wanted to clarify because when I watched the video it jumped out to me how you said people would be surprised to see Apple at the top of the list…), I didn’t add up all the code executing vulnerabilities from each version. Instead I roughly counted these 3 versions: Windows 7, Vista and XP, there were essentially the same amount of vulnerabilities which executed code that Mac OSX had all together.

Anyway, I just thought I would throw that out there. Great job, I’m enjoying the course a lot so far.

You make good points. I’m actually deliberately over simplifying the issue at the start of the course to make the point that all systems have vulnerabilities and to counter the argument that Mac is “Secure”. I’m taking this over simplified approach to a complex question to counter that. The best report/article for exploring the issues of vulnerabilities and stats is the report I show at the end. Give this a read for a more advanced look. https://blog.osvdb.org/2013/08/07/buying-into-the-bias-why-vulnerability-statistics-suck/