It’s funny, it used to be impossible to get valid vulns assigned a CVE if the vendor wasn’t cooperating.
And now it seems it’s possible to spam bogus CVE entries for mostly OSS projects, which devalues the use of CVE… while it’s also nearly impossible to get a valid CVE if a vendor who is a CNA stonewalls you.
And now it seems it’s possible to spam bogus CVE entries for mostly OSS projects, which devalues the use of CVE… while it’s also nearly impossible to get a valid CVE if a vendor who is a CNA stonewalls you.