With 2016 officially over, we can crown Android as 2016's product with most vulnerabilities, and Oracle as the vendor with the most security bugs.
This statistic is based on the number of vulnerabilities reported by security researchers in the past year, bugs which have received a CVE identifier.
According to CVE Details, a website that aggregates historical data on security bugs that have received a CVE identifier, during 2016, security researchers have discovered and reported 523 security bugs in Google's Android OS, winner by far of this "award."
Second place in this ranking went to Debian Linux with 319 vulnerabilities, while third place went to Ubuntu Linux with 278 CVEs.
The rest of the top 10 is made up by Adobe Flash Player (266 bugs), openSUSE Leap (259 bugs), openSUSE (228 bugs), Adobe Acrobat DC (227 bugs), Adobe Acrobat Reader DC (227 bugs), Adobe Acrobat (224 bugs), and the Linux Kernel (216 bugs).
2015's winner, Mac OS X came only eleventh this year, with 215 security bugs, compared to last year, when researchers found 444 bugs in Apple's main OS.
Past winners of this "prestigious award" include:
When it comes to software vendors, the company for which the largest number of new CVE numbers have been assigned was Oracle, with a whopping 798 CVEs.
Most of these security bugs have been reported in Oracle products such as MySQL, Solaris, and its custom Linux OS version.
Second to Oracle was Google, with 698 security bugs, with the most being reported in products such as Android and Chrome. Third was Adobe with 548 bugs, with the vast majority of bugs reported in Flash Player and different Reader/Acrobat variants.
The rest of the top 10 is made up of Microsoft (492 bugs), Novell (394), IBM (382 bugs), Cisco (353 bugs), Apple (324 bugs), Debian Project (320 bugs), and Canonical (280 bugs).
Past vendors that have topped this unfortunate chart include: