|
|
|
|
|
|
by gnfargbl
840 days ago
|
|
|
They're also, equally categorically, not "a list of every bug in every system." If you want that, make a new enumeration. As 'arp242 says, we need to consider what is useful. Pretending that all CVEs are severe and must be addressed immediately is not useful. Spamming the CVE database with every bug in your tracker is not useful. Replacing CVEs (and CPEs, which are equally terrible) with something new would be extremely helpful. My question is, who funds that work? NIST currently appear to have NVD resourcing issues, based on the banner on their website. |
|
|