|
|
|
|
|
|
by mustache_kimono
1154 days ago
|
|
|
The CVEs / Install Base ratio is a pretty silly metric for determining the security of a product. A large number of CVEs could tell you that the users and developers of a particular product care a lot (or are paranoid or are simply security minded) about security, and want to give notice of issues to as many people as possible. This is a live issue in the Rust community, which does appear to care a great deal about security, as to how to deal with minor/theoretical vulnerabilities perhaps unworthy of a CVE. |
|
|