ESET has had high severity CVEs in a security product, including SYSTEM RCE and kernel RCE.
Agree that 90% of CVE's are meaningless but unless they've done a lot of sandboxing work in the meantime (guessing not, and up to them to show that) it's hard to trust.
Given the CVEs published, do you feel confident that if the product were robustly fuzzed / reversed+ tomorrow that there wouldn't be low hanging RCE? How safe do you feel running Windows with that product versus without? Personally I trust Microsoft's engineering / SDLC more than ESETs, maybe just me.
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Eset
But from way back it's been RCE prone: https://support.eset.com/en/news325-eset-customer-advisory-v...