Cloud security company Orca Security scanned more than 2,200 virtual appliance images from 540 vendors that were being distributed through the marketplaces of common cloud platforms. The appliances were both commercial and free-to-use, contained both proprietary software and open-source, and were supplied by both security and non-security vendors. The company created a scoring system from 0 to 100 that took into account whether the appliances were running supported or no longer supported operating systems versions, contained one or more of 17 high-profile and high-risk vulnerabilities such as Heartbleed.”]