This, in fact, is a revised version of the report. As per the original, Google was the company with the highest percentage of unpatched flaws in H1 2010. However, Google was quick to dispute IBM's claim that it had left 33 percent of critical and high-risk bugs in its software unpatched: “We learned after investigating that the 33% figure referred to a single unpatched vulnerability out of a total of three — and importantly, the one item that was considered unpatched was only mistakenly considered a security vulnerability due to a terminology mix-up. As a result, the true unpatched rate for these high-risk bugs is 0 out of 2, or 0%.”
This wasn't the only mistake in the original, which also erroneously rated Oracle-owned Sun as the vendor with the highest percentage of unpatched vulnerabilities in the first half of 2010. That honor now belongs to Microsoft.
“After we released our trend report this week, we received feedback from two software vendors regarding the severity and remedy information for some of the vulnerabilities behind this chart,” IBM said in a blog post. “As a consequence of this feedback, we have manually reassessed the CVSS scoring, remedy information, and vendor information for every vulnerability that impacted the percentages that appear in this chart.”