1. EFats's Avatar
    This is a tricky one, unless you have a dedicated group of experts go through all the products equally at one go.

    But here is a decent alternative: How many security vulnerabilities are there in the product (disclosed or discovered)?
    This site gives one measure Top 50 products having highest number of cve security vulnerabilities in 2016

    So in 2016 alone, Android racked up 523 (you can drill in to get the details of vulnerability by type)
    But let's take a look at Blackberry, for which they have a few years data dating back to 2008. Blackberry rolls in with a grand total of 22, spread over 19 products which include BES, QNX and other enterprise stuff but also Blackberry OS (presumably 7) and individually some BB10 devices, Q10, Z10, Z30, etc. Just over 1 problem per product. This is one category where I'm sure Blackberry is proud NOT to make the top 50 list!

    Android, with data going back to 2009 have racked up 691 problems.
    iOS got 161 for this year alone and a running total of 984.
    That's just individual products, it gets worse when you look at Google or Apple as a whole (or Microsoft for that matter).

    Yes, it is entirely possible that the low vulnerability count for Blackberry is due to nobody inspecting it for issues. But that doesn't sound likely. Back in 2008/2009, according to my Googling, CNN are claiming Blackberry held over 55% marketshare at that time. Especially give its customer base, I would say they would've been quite the juicy target, so the low security vulnerability count is probably not due to lack of eyeballs on the product.

    So, who are you going to choose for your mobile device if security is a priority?
    01-03-17 11:13 PM
  2. Uzi's Avatar
    Security doesn't sell if security sell it would be number one os right now

    Posted via CB10
    01-03-17 11:25 PM
  3. thurask's Avatar
    You might note the product with the second most number of CVEs is Debian Linux (they do like to give found issues CVEs); and yet, a very good proportion of servers are running it. Maybe because they get around to fixing vulnerabilities instead of hoping nobody notices.
    Vistaus likes this.
    01-03-17 11:37 PM
  4. Superdupont 2_0's Avatar
    Just counting the number of CVEs is a good starter, but it shouldn't end there. One can't make final conclusions with this information.

    In a second step, I would check the number of vulnerabilities with an CVSS score of 9 or higher.
    Such vulnerabilities are very dangerous, because they can be easily exploited and they are a strong sign of bad QC of the vendor.
    (That's why I don't trust Apple or Android, both do a horrible job here making embarrassing mistakes for years. )

    In a 3rd step you can check mitigation strategies.
    Webkit vulnerabilities in the browser can become irrelevant, if you have deployed webfilters (pac file for example).
    Compromised apps from Google Play or Apple's appstore can become irrelevant, if your MDM policy is blocking access to these stores... etc etc...

    There are certainly more steps, I think it could be a very serious piece of work to make a proper threat analysis for your use case.

    But if you try to make an argument that OSes with low market share are more secure, because there isn't much malware if any, then I would suggest to go back to Windows 98 or stay with XP... no, it isn't that simple.

    The thing I truly love about BB10 is the fact, that my personal (and totally unprofessional) risk analysis was very very short... almost no CVEs, almost no other threats/vulnerabilities known.
    Attach the device to BES, deploy webfilters and use some common sense, voila!

    If I ever have to switch to iOS or Android, risk analysis will become a headache (I am simply not qualified and I don't know people who are).

    Posted via CB10
    01-04-17 01:02 AM

Similar Threads

  1. Replies: 8
    Last Post: 01-04-17, 09:49 AM
  2. BlackBerry begins rollout of January Android security update
    By CrackBerry News in forum CrackBerry.com News Discussion
    Replies: 1
    Last Post: 01-04-17, 09:36 AM
  3. Blackberry Press two versions
    By JOHNGAETANO in forum BlackBerry KEYone
    Replies: 11
    Last Post: 01-04-17, 07:58 AM
  4. BlackBerry Priv Insurance through AMT
    By tbonecopper in forum BlackBerry Priv
    Replies: 1
    Last Post: 01-03-17, 08:50 PM
  5. Blackberry Press (Mercury)
    By JOHNGAETANO in forum BlackBerry KEYone
    Replies: 4
    Last Post: 01-03-17, 04:25 PM