ISS’ X-Force witnessed a reduction (-5.4 percent) in new vulnerability disclosures from the previous year. ISS: Vulnerabilities found in 2008 were lower than those found in 2007. Security professionals should be considering whether to increase or decrease the number of vulnerabilities found in production. People get attached to this stuff so much that it becomes clear that they never want to be done. People are really vested in ensuring this number stays high, says Larry Dignan at ZDNet/Zero Day.”]
Source: https://spiresecurity.typepad.com/spire_security_viewpoint/2008/02/getting-over-th.html