
Five vendors accounted for 24.1% of vulnerabilities in 2019 so far - hsnewman
https://www.helpnetsecurity.com/2019/08/26/vulnerabilities-first-half-2019/
======
madhadron
This feels like a strange list. The top five are Debian, SuSE, Oracle, IBM,
and Microsoft. The next three are Canonical, Google, and RedHat. This feels
more like a fact about how much software the organizations are shipping rather
than anything about the organizations themselves. I also wonder whether they
double count a bunch of vulnerabilities that are in both Debian and SuSE (and
Canonical and Oracle and RedHat).

~~~
panpanna
I'm surprised Debian and Ubuntu are not at the same level.

They ship more or less the same packages anyway.

Also, BS clickbait article. Should never have been posted on HN to begin with.

------
dwyerm
Saving you from the clickbaity title: Debian etc., SUSE, Oracle, IBM, and
Microsoft.

The bottom half is filled out with Canonical, Google, RedHat, Cisco and Adobe.

~~~
JoeAltmaier
Which is a 'heatmap' of "everybody producing lots of software". Not much info
in this article.

------
JoeAltmaier
There's a Dilbert where the idiot boss says "It's come to my attention that
employees take 40% of sick days on Mondays and Fridays! This has got to stop!"
or some such.

This article reminds me of that.

------
JoeAltmaier
To understand how well they're doing, one would need a 'per capita' measure of
vulnerabilities per unit code produced, or some such?

------
_-david-_
Does anybody know how many of the vulnerabilities are unique to each of the
various Linux distros? I would assume that a large chunk would be the same
CVEs.

