In many educational institutes, learning management systems are essential parts of delivering class materials not only for on-line courses but also on-campus classes. The primary purpose of learning management system is to provide proper virtual educational environments and convenient communicational channels between instructors and students letting them to overcome the barrier of time and space for the general schooling. In this paper, we are investigating the security vulnerabilities in such learning management systems. Especially, we are examining the vulnerability discovery process in the two popular learning management systems, Moodle and Blackboard, using datasets spanning a decade. We applied two vulnerability discovery models to examine the vulnerability discovery process quantitatively. The discovery models allow us to estimate the approximate number of vulnerabilities likely to be discovered in software systems in the future. It also helps policy makers when they need to decide which learning management systems will be adopted for their organizations when security is an extremely important factor. Result shows that the vulnerability discovery process in learning management systems could be predictable which could be utilized for IT risk assessment in organizations having the systems.