Too JBIG for their own britches
Adobe received roughly half of the submitted nominations in this category for a number of reasons, ranging from their lack of an initial public response to the active exploitation of JBIG2, to taking one month to patch it (almost a month after Lurene Grenier released her unofficial patch), and finally for having made Adobe Reader the most insecure and widespread application since IE6 (complete with Javascript for extra reliable exploitation).