"Flaws in Web applications boosted the bug counts for
2006 by more than a third over the previous year, according to data
obtained by SecurityFocus from the four major vulnerability databases.
On Monday, the Computer Emergency Response Team (CERT) Coordination
Center released its final tally of the number of flaws the organization
processed in 2006."
…
"Many people are doing ‘grep and gripe’ research. They are doing a regular expression search, looking for patterns. If they get
a match they will report it to the public, but sometimes what ends up happening is they are reporting false positives. "
– Steven Christey, editor, the Common Vulnerabilities and Exposures (CVE) Project
Article Link: http://www.securityfocus.com/news/11436