Steve Christey w/ CVE recently posted that trying to keep up with Linux Kernel issues was getting to be a burden. Mozilla advisories are getting worse as they clump a dozen issues with “evidence of memory corruption” into a single advisory. The group with the strongest incentive to fully comprehend the vulnerability is the group that seeks to exploit it. Once they understand the vulnerability they have a strong incentive to not tell anyone else so they can financially or otherwise benefit from their asymmetric knowledge. This is disturbing, because it means that the people with the most at stake — the asset owners — don’t know how to assess risk.
Source: https://taosecurity.blogspot.com/2009/05/osvdb-on-problems-with-identifying.html