Search
Items tagged with: cvss
Yet another overzealous #CVSS assignment causing undue alarm: https://www.openwall.com/lists/oss-security/2023/06/20/6 - Apparently this #memory #leak is CVSS 9.8
100% agreed that the CVSS scoring system and "assume the worst" guidance makes for scores that do not accurately reflect importance. Especially for very broad-use things.
My take on this is that. like it or not, more open source projects of note need to become "CNA" (certificate numbering authorities) of their own which I understand can given them some control over the content of CVEs filed against their project. https://www.cve.org/ProgramOrganization/CNAs