HackerTrans
TopNewTrendsCommentsPastAskShowJobs

kseifried

no profile record

comments

kseifried
·há 4 anos·discuss
Web3 - The sequel nobody wanted but the studio had to make

https://docs.google.com/presentation/d/1V7UGmTw1pR6HsT8kF8dh...

TL;DR: All the current stuff is flaming garbage, but that's ok, we're basically where the web was in 1995. Just with a lot more scams instead of VC pitches.
kseifried
·há 6 anos·discuss
Also to reiterate: "which would not be eligible for CVEs, since this is pre-release snapshot software" is not correct. It's usually correct, but not 100%.
kseifried
·há 6 anos·discuss
Yeah and he's not the boss of CVE. If someone wanted a CVE for wireguard I'd be happy to help them get one.
kseifried
·há 6 anos·discuss
CVE does cover "pre-release" software, part of the argument being you can't simply label something as "beta" and escape CVE coverage especially if millions of people are using it (Google's Chrome web browser was a good example of this). For example:

https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=prereleases
kseifried
·há 6 anos·discuss
Sorry but... no. You are wrong. Completely wrong.

CVE is just an identifier for a security vulnerability.

"Common Vulnerabilities and Exposures"

CVE generally covers released software, hardware and (in the process or being added officially) services. It also covers beta software (https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=beta).

The reason Wireguard doesn't have CVEs is nobody has bothered to request them.

For more details on CVE there's a bunch of episodes covering it: https://www.opensourcesecuritypodcast.com/search?q=cve