diff --git a/security/vm-sudo.md b/security/vm-sudo.md
index ef76085a..fd6c6b36 100644
--- a/security/vm-sudo.md
+++ b/security/vm-sudo.md
@@ -39,8 +39,8 @@ Background ([/etc/sudoers.d/qubes](https://github.com/QubesOS/qubes-core-agent-l
     # and for sure, root/user isolation is not a mitigating factor.
     #
     # Because, really, if somebody could find and exploit a bug in the Xen
-    # hypervisor -- so far there have been only one (!) publicly disclosed
-    # exploitable bug in the Xen hypervisor from a VM, found in 2008,
+    # hypervisor -- as of 2016, there have been only three publicly disclosed
+    # exploitable bugs in the Xen hypervisor from a VM -- then it would be
     # incidentally by one of the Qubes developers (RW) -- then it would be
     # highly unlikely if that person couldn't also found a user-to-root
     # escalation in VM (which as we know from history of UNIX/Linux