top | item 38017348

(no title)

Because they can.

They are one of the CVE gods, so they can veto issuance of CVEs against their products. That kind of power means you can move as slowly as you please.

discuss

semiquaver|2 years ago

BS. Being a CVE numbering authority (of which there are several hundred) does not grant a veto against CVE issuance. They are allowed to issue CVEs on their products but by no means are they the only authority that may issue them for Apple vulnerabilities.

viraptor|2 years ago

Also, you don't need to issue a CVE to publish a vulnerability. You just make it public regardless and say CVE was denied for it.