by gtirloni
841 days ago

> Because of this, the CVE assignment team is overly cautious and assigns CVE numbers to any bugfix that they identify

Shouldn't this strategy lead to the opposite? By being overly cautious they should only assign CVEs for real demonstrable security issues.

Being cautious here means "it's better to assign a CVE when it's not a vulnerability, than to NOT assign a CVE when it's actually a vulnerability".