[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
|
|
Subscribe / Log in / New account

What to do about CVE numbers

What to do about CVE numbers

Posted Oct 7, 2019 13:50 UTC (Mon) by imMute (guest, #96323)
In reply to: What to do about CVE numbers by nim-nim
Parent article: What to do about CVE numbers

>so if unit A is still fixing years old CVes while unit B is fixing last week’s CVEs, you know which one has a problem

I'm not sure I do... Age [of a CVE] is not the only indicator of priority. Maybe Unit A has fixed all the "critical" CVEs and are now working their way through the "probably not even exploitable" CVEs from years ago.

to post comments

What to do about CVE numbers

Posted Oct 8, 2019 8:00 UTC (Tue) by nim-nim (subscriber, #34454) [Link]

Age [of a CVE] is not a perfect indicator but the best is the enemy of good and the IT industry in general is in such a woeful state it’s more than good enough to highlight companies that don’t really care about (product) bugfixing once a product is out of the door. Including companies which core business is IT security BTW.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds