Skip to main content

Search

Items tagged with: cvss


100% agreed that the CVSS scoring system and "assume the worst" guidance makes for scores that do not accurately reflect importance. Especially for very broad-use things.

My take on this is that. like it or not, more open source projects of note need to become "CNA" (certificate numbering authorities) of their own which I understand can given them some control over the content of CVEs filed against their project. cve.org/ProgramOrganization/CN…

#cve #cvss #cna #oss

#oss #cve #cvss #CNA

⇧