There’s also the ones known by very few people. There’s companies and unofficial groups of people who collect and sell this information. Usually to state governments, off records.
I don’t think it’s the case for Linux, but I occasionally follow the state of things for bounties offered by Google and Apple to white hat hackers. Though this case is clearly malicious, I understand most vulnerabilities can easily pass as a bug/mistake.
There’s also the ones known by very few people. There’s companies and unofficial groups of people who collect and sell this information. Usually to state governments, off records.
I don’t think it’s the case for Linux, but I occasionally follow the state of things for bounties offered by Google and Apple to white hat hackers. Though this case is clearly malicious, I understand most vulnerabilities can easily pass as a bug/mistake.