@WPalant @c0debabe CVEs are tool enablers. If there's a CVE, then it massively increases the ability of organizations to use tools to identify instances of the vulnerability and track progress towards mitigation and repair. If it's serious enough that you want organizations to actively find and patch it, it's absolutely worth the effort to create the CVE record.

In orgs who patch CVEs in days, non-CVE patches get applied in months or years because execs go "no CVE, it can't be that bad"

Sign in to participate in the conversation

A bunch of technomancers in the fediverse. Keep it fairly clean please. This arcology is for all who wash up upon it's digital shore.