Hacker News
by boomlinde 6 days ago
I guess that the perceived problem from a security perspective is that they're there, not that they're necessarily hard to fix once found.

The main beef is the noise created around these disclosures instead of sending patches to fix the bugs.
If you quietly patch the vulnerable software it's unlikely that I will ever hear about the vulnerability. CVE disclosure is important because that's how I learn of security problems in software I critically depend on. It's not merely a service to the maintainers, but to the users who might otherwise critically depend on vulnerable software.