If finding vulnerabilities makes software more secure, why do we assert that software with the highest vulnerability count is less secure? If disclosure date is the day that software becomes “at risk” why don’t we try our hardest to prolong that date?Conclusion: nobody really knows what the heck they are talking about when it comes to “secure software” An alternative measure: The Spire Vulnerability Rating. An alternative to the vulnerability rating: The vulnerability rating is based on the vulnerability rate of software with a vulnerability count.”]

