The number of vulnerabilities reported by third-party bug bounty programs and intermediaries fell by more than could be accounted for by a single vendor’s lack of reporting. Part of the decline could be due to paying for higher quality vulnerabilities, analyst says. Security experts say browsers continue to be a major focus of researchers and bounty programs that buy vulnerabilities. The data shows that the number of software security flaws has remained within the same range — between 6,500 and 7,500 — for the past five years.”]
Source: https://www.darkreading.com/application-security/third-party-vulnerability-counts-down-not-quite