The difference is Cisco finds vulnerabilities, patches them and reports them.
Yes, some are severe - most of the infrastructure vulnerabilities are very specific issues and have workarounds (i.e. ACL's using existing features of the product) available.
For WebEx, yes it is high profile but is it part of the core product or an add-on utility where equivlent products from other vendors have similar issues? How often have you used offline players with other products or do the not have that functionality?
