IBM ISS’s X-Force on vulnerability trends in the first half of 2008. Nearly 60 percent of all client-side exploits were aimed at the browser, versus less than 20 percent at the operating system. The most popular browser exploits in first half were one to two years old, many dating back to 2006 (and that have patches) ActiveX plug-ins were some of the biggest offenders, according to the report. The report also highlighted one of IBM ISS’ pet causes: responsible disclosure.”]
Source: https://www.darkreading.com/analytics/report-from-bug-disclosure-to-exploit-in-24-hours