This really escalated with Heartbleed - it became about naming high profile vulnerabilities rather than core improvements to security

Over simplified journalism with unsupported claims. There is so much more that goes into securing an enterprise environment than plugging holes and making noise about following best practices.