The software programs Google Chrome and Oracle Solaris surpassed Microsoft’s Internet Explorer in having the most vulnerabilities last year, according to Secunia, an IT security firm.
Bad news for IBM too: Big Blue’s software accounted for 40 percent of the top 20 most vulnerable applications.
Secunia recorded 15,435 software vulnerabilities in 3,870 applications during 2014, and found Chrome to be responsible for 504 of those, giving the browser an unfortunate first place on this list. Unix operating system Solaris was found to have 483 vulnerabilities, followed by Gentoo Linux (350) and Microsoft’s Internet Explorer (289).
IBM dominated the list, though, with eight entries. As CNET writes, Tivoli Endpoint Manager was Big Blue’s worst performer, with 258 vulnerabilities earning it 8th place. It was followed by Tivoli Storage Productivity Center (231), IBM WebSphere Application Server (210), IBM Domino (177), IBM Lotus Notes (174), IBM Tivoli Composite Application Manager For Transactions (136), IBM Tivoli Application Dependency Discovery Manager (136), IBM Tivoli Application Dependency Discovery Manager (122), and IBM WebSphere Portal (107).
The biggest security crises of the year centered on open source software: Heartbleed, SSL and Shellshock. Secunia wrote that these problems “brought attention to a previously neglected potential security issue: the use of open source applications and libraries in IT environments.” It adds: “It is therefore important to be aware of which open source libraries are in use in an environment, and to have a solid mitigation strategy in place. Because the applications that use these libraries are not always patched – often, they are not even reported vulnerable.”