When I ask are we going to dispense with the bullshit of using the number of vulnerabilities as a measure of secuirty instead of examining the vulnerabilities themselves and determining how dangerous they are?
It just seems screwy to weigh a vuln that can only be exploited by a local user if such and such is installed and only on odd days of the week in months with a blue moon to one that can be exploited by anyone who can write a VB program?