Secunia: Unpatched 3rd Party Programs Account for Most Vulnerabilities

A Secunia PSI report for the UK covering the past year found that 71% of vulnerable programs originated from unpatched 3rd parties.

The Top 10 Most Exposed Programs identified were:

● 1 Microsoft XML Core Services (MSXML) 4.x
● 2 Sun Java JRE 1.6.x / 6.x
● 3 Adobe AIR 3.x
● 4 Apple QuickTime 7.x
● 5 Adobe AIR 2.x
● 6 VLC Media Player 2.x
● 7 Adobe Flash Player 10.x
● 8 Adobe Flash Player 11.x
● 9 Apple iTunes 10.x
● 10 Oracle Java JRE SE 1.7.x / 7.x

The Top 10 End-of-Life (no longer supported, hence insecure) programs were:

1 Microsoft Removal Tool: Blaster/Nachi
2 Adobe Shockwave Player 10.x
3 RealPlayer 15.x
4 Microsoft Office PowerPoint Viewer 2003
5 Adobe AIR 1.x
6 Google Earth 5.x
7 Sun Java JRE 1.5.x / 5.x
8 Mozilla Firefox 16.x
9 Mozilla Firefox 1.x
10 Microsoft Word 2000

Ref:
http://secunia.com/?action=fetch&filename=PSI-Country-Report-%28GB%29-%282013Q1%29.pdf
http://www.h-online.com/open/news/item/The-update-jungle-PC-owners-have-to-watch-24-sources-for-fixes-1847060.html

Comment:
Microsoft programs are notable by their relative absence from these lists. (Presumably most users keep them updated via MSU or automatic updates).  I suppose this report is a bit self-serving, since all the data was generated by Secunia, whose PSI and OSI programs promote keeping 3rd party programs updated. But hey, at least they are free!