Too Long; Didn't Read
Vulnerable software is by definition not secure, but that does not mean we judge security by the number of vulnerabilities. We highlight this by looking at two commonly used libraries, OpenSSL and GStreamer. Few vulnerabilities do not equal a more secure library, but few historical vulnerabilities don't mean fewer future vulnerabilities. The distribution of vulnerabilities seems to have been significantly affected by Heartbleed, the distribution of these were disclosed during 2014-2016, with peaks in 2015 and 2016. We can not say for sure that GStreamer is less secure because of the spike in 2017.