COOEY // HUBcompliance · community · intelligence

FAIL // hall of shame

The security failures of FedRAMP vendors, their competitors, and the hardware they ship — ranked by zero-days, remote code execution, active exploitation, sheer embarrassment, and False-Claims-Act recoveries. A dex.sgc.ai RAG curator writes each event's summary and scores how avoidable the failure was; every name links to its dossier.

714
on the board
1
zero-days
235
RCEs
101
exploited
544
assessed
$82M
FCA recovered
Overview☣ Most embarrassing◐ Most zero-days⚡ Most RCEs⌖ Most exploited⚖ Biggest FCA recoveries
All playersCompaniesVendorsProducts / HW ◧ FedRAMP only

☣ Most embarrassing

Ranked by how avoidable and reputation-shredding their worst failure was — the dex curator's grounded 0–100 verdict.

  1. 01
    FortiClient EMS product
    ⚡ 2 ⌖ 2 shame 85
    85shame
  2. 02
    WebPros vendor
    ⌖ 1 ☣ 1 shame 85
    85shame
  3. 03
    ⚡ 1 ⌖ 1 shame 85
    85shame
  4. 04
    PTC FedRAMP company
    ⚡ 1 ⌖ 1 shame 85
    85shame
  5. 05
    ⚡ 1 ⌖ 1 shame 85
    85shame
  6. 06
    ⚡ 1 ⌖ 1 ☣ 1 shame 85
    85shame

full most embarrassing leaderboard ▸

◐ Most zero-days

Vulnerabilities exploited before a patch existed — the worst kind to ship.

  1. 01
    Adobe FedRAMP company
    ◐ 1 ⚡ 4 ⌖ 4 shame 85
    10-days
  2. 02
    Acrobat product
    ◐ 1 ⚡ 1 ⌖ 1 shame 85
    10-days

full most zero-days leaderboard ▸

⚡ Most RCEs

Remote/arbitrary code-execution flaws — full-compromise class bugs.

  1. 01
    Microsoft FedRAMP company
    ⚡ 11 ⌖ 17 ☣ 2 shame 85
    11RCEs
  2. 02
    totolink vendor
    ⚡ 8 shame 50
    8RCEs
  3. 03
    tenda vendor
    ⚡ 5 shame 50
    5RCEs
  4. 04
    dlink vendor
    ⚡ 5 shame 50
    5RCEs
  5. 05
    tp-link vendor
    ⚡ 5 shame 50
    5RCEs
  6. 06
    Adobe FedRAMP company
    ◐ 1 ⚡ 4 ⌖ 4 shame 85
    4RCEs

full most rces leaderboard ▸

⌖ Most exploited

Count of their CVEs on CISA's Known-Exploited-Vulnerabilities catalog — actively used against defenders.

  1. 01
    Microsoft FedRAMP company
    ⚡ 11 ⌖ 17 ☣ 2 shame 85
    17on KEV
  2. 02
    Cisco Systems Inc. FedRAMP company
    ⚡ 4 ⌖ 9 ☣ 1 shame 85
    9on KEV
  3. 03
    Google FedRAMP company
    ⚡ 4 ⌖ 4 shame 85
    4on KEV
  4. 04
    windows product
    ⚡ 3 ⌖ 4 shame 85
    4on KEV
  5. 05
    ⚡ 1 ⌖ 4 shame 65
    4on KEV
  6. 06
    Adobe FedRAMP company
    ◐ 1 ⚡ 4 ⌖ 4 shame 85
    4on KEV

full most exploited leaderboard ▸

⚖ Biggest FCA recoveries

Dollars recovered from contractors who misrepresented their cybersecurity — DOJ Civil Cyber-Fraud settlements.

  1. 01
    Hill ASC Inc. company
    shame 40
    $14.75M
  2. 02
    Guidehouse Inc. company
    shame 40
    $11.30M
  3. 03
    Associates company
    shame 40
    $11.30M
  4. 04
    Nan McKay company
    shame 40
    $11.30M
  5. 05
    Centene company
    shame 40
    $11.25M
  6. 06
    shame 40
    $11.25M

full biggest fca recoveries leaderboard ▸