This is one of the conclusions that can be drawn from the latest quarterly report released by security company Trend Micro (PDF). It will likely get a reaction as well, considering the editor boldly stated this in the reports title. They have stated that both Google and Oracle had more security vulnerabilities reported against them in their products than Microsoft.
In the second quarter, the worst offenders were Microsoft, Google and Adobe, while in the third quarter it is Google, Oracle and Microsoft. For Google, 82 vulnerabilities were recorded – up from 65, while during the same period Microsoft managed to reduce their 96 to 68.
For Trend Micro, this tendency is mainly due to Google Chrome and the increased popularity of the browser. The security developer will nevertheless receive some feedback from Google’s security team for writing “The speed by which Chrome is developed, which limits the amount of time for internal and external bug testing prior to product release, may have something to do with Google’s rise in ranking as well”.
The updates – maintenance releases included – to Google Chrome are relatively frequent, with these having recently been accompanied by a long list of vulnerability corrections. Such updates are very rarely critical.
And this is an important point which Trend Micro comes back on “none of the vulnerabilities in Chrome were as severe as some of those found in Microsoft products“.
Google, has also put into place a rewards program for the discovery of faults in Chrome (and Chromium) made by third party security researchers. Such reports are rather productive in updating Google’s source code.