[jdietrich]

It seems like a rather logical distribution of projects if you consider the ratio of (installed base/developer interest). The projects on this list all have massive user bases, but few of them would garner much excitement on HN and they have relatively small developer communities.

Filezilla, Notepad++ and 7-zip aren't in themselves mission-critical, but they're hugely popular products. If you can pwn an office computer or a developer workstation, you've made a crucial step towards pwning something properly sensitive. Think about the IT guy in a typical medium-sized business or a government department - what are the first things he's going to install on his own work computer? After Microsoft Office and his browser, what programs will he most often use to open untrusted files from the internet? What happens to the department if a trojan on his machine starts feeding his passwords to the FSB or the PLA?