|
|
|
|
|
|
by MattPalmer1086
963 days ago
|
|
|
Aggregating cve data is probably not a useful signal. Products with more cves are not necessarily less secure than ones with fewer ones. Possibly if a product consistently has high cves over a long period of time that might tell you something about poor security practices over that period (or before it). It might also mean that their security is now quite good! You have to interpret the data I'm afraid. I can't think of any useful statistical measures you could use to compare aggregate data across multiple products. |
|
|