Bug counting

Over the past years, the number of bugs in Adobe Reader has grown, while Microsoft applications have better stats.

According to Verisign's bug tracking division iDefense, 45 bugs in Adobe's Reader software were found by either cybersecurity researchers or malicious hackers this year and patched. In 2008, iDefense found 14 Reader bugs, double the number in 2007.

Meanwhile, the number of bugs found in commonly-used Microsoft programs like Internet Explorer, Windows Media Player and Microsoft Office remained flat or dropped. Just 30 bugs were exposed in Internet Explorer compared with the same number last year, and 41 bugs were found in all of Microsoft's Office programs like PowerPoint, Word and Excel, down from 44 in 2008.

Firefox showed an uptick in vulnerabilities: iDefense tracked 102 bugs found and fixed in Firefox this year, up from 90 last year. (That high number, however, shouldn't be compared directly with programs like Adobe Reader or Internet Explorer given that open source programs' bugs are more often made public, researchers say.)

Application patches are implemented far less strictly by users than operating system patches. The time it takes half of all unpatched versions of an operating system to be patched has been cut from 45 days in 2004 to 15 days this year, according to a study that was published in September by the SANS Institute. Meanwhile, four of the vulnerabilities in Sun Microsystems' Java programming language are still listed among the 30 most common unpatched bugs, despite patches being issued as early as 2007.

Source: Forbes.com.