Chris Vest on Nostr: I'm noticing a shift in how developers perceive CVEs. There's a growing sentiment of ...
I'm noticing a shift in how developers perceive CVEs. There's a growing sentiment of "CVEs are often bogus. Disputing them is incredibly hard." People reach out to maintainers and just want to know if they need to upgrade, or silence the alert. The CVE system is eroding its trust by not properly vetting reports.
Published at 2023-10-19 17:30:23

Event JSON
{
"id": "4c76d9078b17b8b748f9030f96958a0b9f87b36d4530bc2a1ce60eecaea64eb2",
"pubkey": "01c7baf432af197ecc748760743e8a25869faa5c475bea6880330e4d28025449",
"created_at": 1697736623,
"kind": 1,
"tags": [
[
"proxy",
"https://mastodon.social/users/chrisvest/statuses/111262867347943933",
"activitypub"
]
],
"content": "I'm noticing a shift in how developers perceive CVEs. There's a growing sentiment of \"CVEs are often bogus. Disputing them is incredibly hard.\" People reach out to maintainers and just want to know if they need to upgrade, or silence the alert. The CVE system is eroding its trust by not properly vetting reports.",
"sig": "f96be62a9419ad65434c30871302627194febf9de56122896a4e2c098007a9e7f08fe696384bcbfb54db7356fcd5ec1dab52b7fa6696ee03ca802133867dcc12"
}