As part of the league table series, this article takes an alternative look at some of the top vendors in particular industry segments, such as access management, identity governance and administration, authentication and privileged access management.
This league table is constructed with open source material from the National Vulnerability Database, as maintained by the National Institute of Standards and Technology in the US. This list is essentially based on the Common Vulnerabilities and Exposures data feed from mitre.org and embellished with vendor comments and resolutions.
The vendors selected below are typically those that would feature within the Gartner Magic Quadrant for Access Management, and other vendors who typically compete with those organisations.
This table is updated regularly, but please comment if any omissions are found.
Vendor versus number of vulnerabilities found per year:
| Vendor (with link to the NVD search) | 2015 | 2016 | 2017 | 2018 | 2019 | 2020 | Total |
|---|---|---|---|---|---|---|---|
| Amazon Cognito | 0 | 0 | 0 | 0 | 1 | 0 | 1 |
| Auth0 | 0 | 0 | 2 | 8 | 3 | 8 | 21 |
| Akamai (Janrain) | 0 | 1 | 0 | 0 | 0 | 0 | 1 |
| ForgeRock | 0 | 0 | 0 | 1 | 2 | 0 | 3 |
| MicroFocus | 0 | 0 | 0 | 2 | 0 | 0 | 2 |
| Okta | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| OneLogin | 0 | 0 | 1 | 0 | 3 | 0 | 4 |
| Oracle | 0 | 0 | 1 | 4 | 0 | 3 | 8 |
| Ping Identity | 0 | 0 | 3 | 0 | 1 | 0 | 4 |