by dogma1138 724 days ago
Sure, but if you are using the library and there is no way to disclose vulnerabilities within libraries, you have no idea if you need to implement mitigations or not.

There is no good solution here but not allowing CVEs to be assigned to libraries is by far the worst one.