| GitHub | https://github.com/geffner |
@GitHubSecurityLab posted https://github.blog/2023-01-23-pwning-the-all-google-phone-with-a-non-google-bug/ last week, and one thing that really stood out to me was, "This again shows the importance of properly addressing security issues and recording them by assigning a CVE-ID, so that downstream users can apply the relevant security patches. Unfortunately, vendors sometimes see having security vulnerabilities in their products as a damage to their reputation and try to silently patch or downplay security issues instead."
Customers absolutely value secure software, but they also value honesty and transparency. To all vendors, it's possible to be a successful company and also to have CVEs associated with your products.
Don't believe me? The top five most successful software companies have a total of 33,783 CVEs associated with them.
Be honest, be transparent. Your customers will appreciate it.
It turns out that the first “all Google” phone includes a non-Google bug. Learn about the details of CVE-2022-38181, a vulnerability in the Arm Mali GPU. Join me on my journey through reporting the vulnerability to the Android security team, and the exploit that used this vulnerability to gain arbitrary kernel code execution and root on a Pixel 6 from an Android app.
The official NYC Crime Map (https://maps.nyc.gov/crime/) uses skin-tone colors for its legend; the darker the skin-tone color, the higher the crime rate.
WTF? Could they not have picked a different color scheme??