The security failures of FedRAMP vendors, their competitors, and the hardware they ship — ranked by zero-days, remote code execution, active exploitation, sheer embarrassment, and False-Claims-Act recoveries. A dex.sgc.ai RAG curator writes each event's summary and scores how avoidable the failure was; every name links to its dossier.
Ranked by how avoidable and reputation-shredding their worst failure was — the dex curator's grounded 0–100 verdict.
full most embarrassing leaderboard ▸
Vulnerabilities exploited before a patch existed — the worst kind to ship.
full most zero-days leaderboard ▸
Remote/arbitrary code-execution flaws — full-compromise class bugs.
Count of their CVEs on CISA's Known-Exploited-Vulnerabilities catalog — actively used against defenders.
full most exploited leaderboard ▸
Dollars recovered from contractors who misrepresented their cybersecurity — DOJ Civil Cyber-Fraud settlements.