The United States Computer Emergency
Readiness Team (US-CERT) has released it's 2005 year-end index of software
vulnerabilities. This list includes vulnerabilities that were identified
between January 2005 and December 2005 and covers all types of software
including operating systems. Of the 5,198 reported vulnerabilities, 812
pertained to Windows OS vulnerabilities; 2,328 pertained to Unix/Linux OS
vulnerabilities; and 2,058 were vulnerabilities that affected multiple
operating systems. While the list is noticeably missing any reference to Mac OS
X, keep in mind that OS X is Unix based and is therefore covered by many of the
same vulnerabilities. Also missing from the list is the most recently covered
Windows WMF vulnerability, which Microsoft admits it was aware of as early as
December 27th, 2005.
Keep
in mind that numbers of vulnerabilities do not indicate overall OS security.
Some vulnerabilities are very insignificant and pose little threat or are
limited to a small portion of users for that particular OS that are operating
under specific criteria.
News source: United States computer Emergency Readiness Team