Seven years ago, the MySQL worm spread throughout the internet by taking advantage of a critical vulnerability in MySQL authentication on Windows. Before the worm, I hadn't really believed Marten Mickos' claims about the number of MySQL installations. Once over 30,000 servers were infected, though, I believed him.
Well, given the vulnerability announced and patched today, I think we'll have a chance to find out how many PostgreSQL servers there are. You have updated your servers, right?
In the PostgreSQL world, we're used to thinking in terms of a few thousand users, because that's the number who are active in the community and whom we hear from regularly. It's likely that today's vulnerability will show us how many PostgreSQL users there really are. For example, this security scanner finds over 120,000 PostgreSQL servers which are listening on port 5432 on public IPs (and if your server is on that list, you'd better patch it!).
No idea why 40% of these servers are in Poland. I had no idea that Depesz was that busy. A word to the wise, Depesz: firewalls?