Since tripRsystem has raised the same issue in two threads I'm posting my response in two threads. My apologies to those who've read this already...
Sorry, but I just don't see the point in thinking in terms of marketing and conventional business strategies. Vector Linux makes exactly zero dollars if one new user downloads and installs VL or if a million do. Yes, a few more people might by SOHO if it's more popular and I suppose that's good. Most Linux companies make their money selling support and consulting services. Marketing the new support offerings to businesses makes sense. Worrying about if we're ranked 15th or 23rd on Distrowatch makes no sense and IMHO simply doesn't matter.
I'm a Linux professional and I would *NEVER* recommend Vector Linux to one of my customers for use either on the desktop or in the server room. Why not? When known security issues crop up sometimes someone gets a new package to fix the problem out. Sometimes not. Sometimes it happens quickly, sometimes it happens eventually, and sometimes it never happens at all. If a security fix is packaged does it get tested and moved to the repositories promptly? VL's history says no, absolutely not!
Do we inform users of security issues? Sometimes yes, mostly no. We have the mechanisms to do it in the forum, on the website, and via RSS. Everything is in place and it's rarely used. Look at the website -- no security news since July yet in August both DoS and buffer overflow vulnerabilities were discovered in xine-lib. The good news is toothandnail did make a new package. The bad news is that it just got into the patches repository a few days ago. No information about it was ever disseminated to the users.
If VL wants to be taken seriously it needs to get its act in order when it comes to security. That probably isn't going to happen on a volunteer basis.