IBM is documenting up to 150 vulnerability disclosures a week. Many of them are Web application flaws. Its vulnerability database has 70,000 unique vulnerabilities and has averaged 7,700 vulnerabilities per year over the past five years. But, vulnerability disclosure figures alone don't typically tell the whole picture. There are signs that software security processes at major software vendors are maturing. Product incident response teams are addressing coding errors more quickly than ever before, and their processes are constantly being refined, IBM said in its latest X-Force Trend and Risk Report.