A [recent tweet](https://twitter.com/ExodusIntel/status/491247299054428160) from Exodus Intel (a company based in Austin, Texas) generated quite some noise on the Internet:
Tails ships a lot of software, from the Linux kernel to a fully functional desktop, including a web browser and a lot of other programs. Tails also adds a bit of custom software on top of this.
Security issues are discovered every month in a few of these programs.Some people report such vulnerabilities, and then they get fixed: This is the power of free and open source software. Others don't disclose them, but run lucrative businesses by weaponizing and selling them instead. This is not new and [comes as no surprise](https://www.eff.org/deeplinks/2012/03/zero-day-exploit-sales-should-be-key-point-cybersecurity-debate).