What is Nostr?
Dan Goodin /
npub1z3l…qvzu
2024-06-05 16:02:47

Dan Goodin on Nostr: The Linux Kernel project was made an official CVE Numbering Authority (CNA) with ...

The Linux Kernel project was made an official CVE Numbering Authority (CNA) with exclusive rights to issue CVE identifiers for the Linux kernal in February this year.

While initially this looked like good news, almost three months later, this has turned into a complete and utter disaster.

Over the past months, the Linux Kernel team has issued thousands of CVE identifiers, with the vast majority being for trivial bug fixes and not just security flaws.

Just in May alone, the Linux team issued over 1,100 CVEs, according to Cisco's Jerry Gamblin—a number that easily beat out professional bug bounty programs/platforms run by the likes of Trend Micro ZDI, Wordfence, and Patchstack.

https://news.risky.biz/risky-biz-news-the-linux-cna-mess/
Author Public Key
npub1z3lwfekw80j4ngzg6ky3ks202xr6uwnd4jttxzsd4euc9l55euvq48qvzu