As hard as software developers work to prevent security flaws, there is at least, if not more effort put in by those trying to find and expliot these risks. Security threats are on the rise as more devices and workloads connect to the Internet.
Microsoft while still having a number of vulnerabilities, did not make the top three. Apple with OS X and iOS is at the top, followed by Linux kernel. This might be counterintuitive to those who consume only hype as Microsoft is an industry leader in creating secure software.
2014 was a tough year for Linux users from a security point of view, coupled with the fact that some of the most important security issues of the year were reported for applications that usually run on Linux. Heartbleed, for example, is a critical security vulnerability detected in OpenSSL while Shellshock is a vulnerability that affects GNU Bash.
Not surprisingly at all, web browsers continue to have the most security vulnerabilities because they are a popular gateway to access a server and to spread malware on the clients. Adobe free products and Java are the main challengers but web browsers have continuously topped the table for the last six years. Mozilla Firefox had the most vulnerabilities reported in 2009 and 2012; Google Chrome in 2010 and 2011; Internet Explorer was at the top for the last two years.