Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

data: I grabbed all 500+ records and counted, by month, those with severity 10 (column 10) and severity >= 7 (column 7). Rows is the # of cve records for that month.

it's not awesome

   month   rows 10  7
   2015-07   35 28 29
   2015-06   14  7  7
   2015-05   17 10 10
   2015-04   22 19 19
   2015-03   11  7  9
   2015-02   19 19 19
   2015-01   12  9 11
   2014-12    6  5  5
   2014-11   19 16 18
   2014-10    3  3  3
   2014-09   12 11 12
   2014-08    8  7  7
   2014-07    3  0  2
   2014-06    6  1  3
   2014-05    5  0  5
   2014-04    4  1  2
   2014-03    4  2  2
   2014-02    4  3  4
   2014-01    2  2  2
   [...]
2015 has not been kind to them, but it's been a continuous trickle of remote severity 10s every month for a year and a half

truncated because it took too much space; full results: https://gist.github.com/anonymous/763e28612b74d3a1817a

NB: only months with at least one cve event show up, but given adobe's focus on security, it wasn't really necessary to fill in months with 0 events to get the point across

download each screen full of results from the cve site into a single directory and run this script: https://gist.github.com/anonymous/990bfe126d273ef84134



Vulnerabilities increase and usage decreases. I wonder if an economically sensible decision should be to EOL Flash soon. Are they still doing any money out of it?


I answer to myself because I just read this http://www.theverge.com/2015/7/13/8948459/adobe-flash-insecu... from Facebook's CSO.

"It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day. — Alex Stamos (@alexstamos) July 12, 2015"




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: