2012 was a record-breaking year for the number of most critical vulnerabilities, those with a CVSS score of 10. Buffer overflows continue to be the most important type of vulnerability, with 35% of the total share of critical vulnerabilities over the last 25 years. For the first time since 1998, Microsoft did not lead vendors in terms of vulnerabilities reported in 2012. Microsoft released 13% of their patches after the CVE was published, meaning vulnerability information was publicly available and potentially exploited before a patch was released (0-day)”]
Source: https://blog.talosintelligence.com/2013/03/25-years-of-vulnerabilities-1988-2012.html

