You can't compare counts of published vulnerabilities when organizations have vastly different standards of publication. Open source projects (e.g. Firefox, Chromium) publish everything, even internally found flaws. Closed-source projects tend to publish only those reported by external reporters, not ones they found internally. At least one hopes they are also fixing lots of internal bugs! They might not be, in which case a low vulnerability count could actually mean they've got lots of unfixed vulnerabilities.
What about attacks found in the wild? Flash takes the cake there, although that may in part mean its ubiquity makes it a useful target.
In any case you can't use Flash to browse the web. You are already taking on the risk of whatever vulnerabilities lurk in your chosen browser; using Flash is adding vulnerability risk on top.