counting vulnerabilities...

from Robert Hensing's blog (technically right from the title)

Counting vulnerabilities is a natural way to measure security. If you're a retard.

in reality counting vulnerabilities is like counting dents in a car - unusually high numbers may suggest there's a cause for concern but neither low nor high numbers are conclusive of anything.