top | item 40859980


aPoCoMiLogin | 1 year ago

I only want the score to represent real threat, not what features it includes, as that is meaningless in the long run. I agree that it shouldn't include "I think is bad" as that is meaningless as well; the score should represent the threat, not the features.

Because I'm checking Dependabot [0][1] regularly, there are a lot of issues with very high scores for frontend libraries that have really low impact, because it "checks" some features. E.g. some plugin for jQuery (frontend lib) [2] has the same score as Heartbleed, which is insane and shows how useless the score is in its current form.

[0] https://docs.github.com/en/code-security/dependabot/dependab...

[1] https://github.com/advisories?query=type%3Areviewed

[2] https://github.com/advisories/GHSA-ffmh-x56j-9rc3
