you declared that research into the security impact of fixes is 'Pure noise, a complete waste of effort' due to false negatives and positives. you can't have this both ways, i'm afraid ;).
> but it isn't part of each program's change log either.
care to list a few projects (preferably something as 'important' as linux) that actively suppress CVE info as linux developers do?
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds