this post was submitted on 26 Aug 2023
83 points (100.0% liked)

[–] chaorace@lemmy.sdf.org 11 points 1 year ago

> Should the NVD be deeply involved in all of them just to provide the most accurate security score? That’s an impossible ask.

This is a false dilemma. If the task is truly impossible, that's not a valid excuse to try anyway and fail repeatedly, especially if doing so causes negative externalities. Numbered scores with decimal precision are not necessary to the core functionality of a CVE database and there are plenty of alternative solutions which would minimize harm and scale more economically.