|
|
|
|
|
|
by xign
986 days ago
|
|
|
That blog post is talking about something else though. He's saying that the CVE system does not do a good job and allows for people who drums up severity for drama. That is just a generic issue he has with the procedure. You can have severity written in C to JavaScript to even Rust, or just simple configuration mistakes. That's not what he's complaining about. In fact, him saying that this vulnerability is high is part of the point. If every single bug or vulnerability is a "high" severity bug, then nothing really is. It's only when you use this rating when it makes sense to that it would have the proper impact. |
|
|