CVE-less vulnerabilities

On top of that I want to challenge the perverse incentive a bit. Yes, it is there, but Red Hat also wants it’s software to be popular and used a lot, otherwise it had no large user base to draw customers from. So it isn’t a 100% bad incentive - it is ‘complicated’ and I’d argue it kind of balances out.