A turning point for CVE numbers
Posted Feb 16, 2024 0:25 UTC (Fri) by bluca (subscriber, #118303)
In reply to: A turning point for CVE numbers by farnz
Parent article: A turning point for CVE numbers
Posted Feb 16, 2024 10:12 UTC (Fri)
by farnz (subscriber, #17727)
That ship sailed a long time ago; the system is currently being flooded with bogus CVEs by "security" people looking to pad their CVs with a large number of discovered CVEs. At least this way round, the kernel controls the flood, instead of being flooded by other people's demands.
Posted Feb 16, 2024 11:06 UTC (Fri)
by bluca (subscriber, #118303)
Posted Feb 16, 2024 12:00 UTC (Fri)
by pizza (subscriber, #46)
Look, you may have expertise in some areas (e.g. knowledge of how EU regs work, etc.) but that does not automatically make you the domain expert in other areas.
Especially when you're digging in on a position directly contrary to the literal "this is why we're doing this" words coming out of the actual domain experts' mouths.
Posted Feb 16, 2024 12:17 UTC (Fri)
by bluca (subscriber, #118303)
Look, every single Linux distribution has systems and teams to deal with CVEs and security updates. Of course there is abuse, of course there are bogus ones being raised. It is not 80%, it is not the majority, it is not flooding. Could things be improved? Sure. Flooding the system with a bogus CVE for every commit is not the way to do that, quite the opposite.