Cisco releases much more than their share of bugs. Watch the CERT vulnerability lists and you'll almost always find some sort of Cisco product listed as a security vulnerability.I think most companies in fact do that. Cisco, Synposys, Cadence, etc would be out of business if they released stuff like Dish does.
http://www.kb.cert.org/vuls/