
aaronbwebber | 2 years ago

This is an insane standard and attempting to adhere to it would mean that the CVE database, which is already mostly full of useless, irrelevant garbage, is now just the bug tracker for _every single open source project in the world_.

TedDoesntTalk | 2 years ago

This. CVE has become garbage because "security researchers" are incentivized to file anything and everything so they can put it on their resume.

xcrunner529 | 2 years ago

Why is it insane? The CVE goal was to track vulnerabilities that customers could be exposed to. It is used…in public, released versions. Why wouldn’t it be tracked?

whoknowsidont | 2 years ago

Because it's not actually part of the distribution unless you compile it yourself.

It is not released in any sense of the word. It is not even a complete feature.

I am actually completely shocked this needs to be explained. Legitimate insanity.

Reelix | 2 years ago

You know that random thing you mucked around on GitHub X years ago then forgot about, and it's amongst 30 other random repos?

Should people file a CVE against that?