Windows 10 isn’t the most vulnerable operating system – it’s actually Linux

(Image credit: Microsoft)

Which operating system has suffered the most vulnerabilities since around the turn of the millennium? That would be Linux, not Microsoft’s Windows, at least according to a freshly released report.

An analysis of the National Institute of Standards and Technology’s National Vulnerability Database, compiled by, tracked ‘technical vulnerabilities’ in popular pieces of software between 1999 and 2019.

And Debian, a flavor of Linux, was top of the table with 3,067 vulnerabilities over the last two decades. Reasonably close behind was Android on 2,563 vulnerabilities, with the Linux kernel in third place having racked up a count of 2,357. Apple’s macOS was only slightly behind that with 2,212, with Ubuntu in fifth place on 2,007.

All of the top five places were taken by operating systems, although Firefox and Chrome filled the next two positions with 1,873 and 1,858 vulnerabilities respectively.

As for Microsoft’s operating systems, Windows 7 bore 1,283 vulnerabilities, and Windows 10 carried 1,111. If you add those together, you get a total of 2,394 for the past decade, roughly – given that Windows 7 came out in 2009, and handed the baton to Windows 10 in 2015.

Although note that some of the other figures mentioned represent a full two decades of existence – like Debian, which has been around since 1993 – so it’s difficult to make direct comparisons in that respect.

Still, this serves to underline that Windows security is perhaps not as shaky as you might believe, at least historically, and indeed that Linux and Mac users shouldn’t be complacent.

Of course, there’s a lot more to security than the mere number of vulnerabilities which pop up in any given operating system or product. There are a number of other important points to consider here, too, such as the nature of those vulnerabilities, the likelihood of them being targeted, and of course the response and ease of patching them, among many other factors.

The point still stands, however, that no users should be complacent, no matter how secure they believe any particular product might be.

Looking at the figures for 2019 alone, Android was the most vulnerable piece of software with 414 reported vulnerabilities, followed by Debian Linux on 360, and Windows 10 was in third place in this case with 357.

Microsoft is a major target

If you go by software makers, Microsoft is unsurprisingly top of the rankings given the breadth of widely-used products it makes (not just Windows, but Office, web browsers and more). Some of the most critical vulnerabilities were found in Microsoft Office, too, with the report giving the productivity suite’s various security flaws a weighted average of 9.1 in terms of their seriousness.

That was beaten only by Adobe Flash Player (9.4) and Adobe Acrobat (9.2).

As for the type of vulnerabilities found, in 2019, a quarter (25.3%) of all the observed security flaws were code execution vulnerabilities. Cross-site scripting was the second most prevalent gremlin in the works at 17.7%, followed by buffer overflows at 13.9%, and then denial of service attacks at 10.2%.

Via MS Poweruser

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).