December 18, 2007

Risk vs Vulnerability

George Ou has an interesting analysis of Microsoft OS vs. Apple OS vulnerability counts. Anything comparing the security of these two companies becomes controversial. I think that any analysis of vulnerability counts should include a paragraph on risk vs. vulnerabilities to defuse the Mac fanboys. I might be able to leave my backdoor safely unlocked (a vulnerability) in the suburbs of Boston in Concord, MA. I wouldn't do the same thing in Brooklyn, NY. Same vulnerability, different threat environment. Everyone readily admits that Macs have less risk on average due to their population and user base. This does not mean they are more secure. Move them into a high-risk environment such as the hacker challenge at CanSecWest and they fall down. Just because there are no crackheads roaming around my neighborhood doesn't mean my house is secure if I leave the backdoor open.


Chris Wysopal, co-founder and CTO of Veracode, is recognized as an expert and a well-known speaker in the information security field. He has given keynotes at computer security events and has testified on Capitol Hill on the subjects of government computer security and how vulnerabilities are discovered in software. His opinions on Internet security are highly sought after and most major print and media outlets have featured stories on Mr. Wysopal and his work. At Veracode, Mr. Wysopal is responsible for the security analysis capabilities of Veracode technology.
