Items tagged with: cvss
Yet another overzealous #CVSS assignment causing undue alarm: openwall.com/lists/oss-securit… - Apparently this #memory #leak is CVSS 9.8
100% agreed that the CVSS scoring system and "assume the worst" guidance makes for scores that do not accurately reflect importance. Especially for very broad-use things.
My take on this is that, like it or not, more open source projects of note need to become "CNA" (certificate numbering authorities) of their own which I understand can give them some control over the content of CVEs filed against their project. cve.org/ProgramOrganization/CN…