In 2012, the number of publicly reported software vulnerabilities jumped by 26 percent. Adobe, Mozilla, Oracle — the company that supports Java — are the developers with the most easy-to-exploit vulnerabilities. Less than half of all vulnerabilities were easily exploitable, down from approximately 95 percent in 2000. Adobe: “There are black markets; there are a lot of those high-severity vulnerabilities being siphoned off” There are more than enough highly critical flaws to go around, experts say.”]
Source: https://www.darkreading.com/application-security/lessons-learned-from-a-decade-of-vulnerabilities