HackerTrans
TopNewTrendsCommentsPastAskShowJobs

grepknfss

no profile record

comments

grepknfss
·2 года назад·discuss
I think giving a patch its own identity is a pretty neat concept and clearly different than the git approach, so thanks for this example!
grepknfss
·2 года назад·discuss
> I'm technically aware, but do I really have the expertise and bandwidth to tell the difference between an actual CVE and one that isn't, for the whole database?

I sure don’t. But who does? Who gets paid by whom to make this all work? Apparently whatever is happening now ain’t it.
grepknfss
·2 года назад·discuss
On the one hand it seems like, if you are reporting a security issue, you should presumably have some kind of PoC. On the other hand we’ve seen plenty of exploits that required chaining a half dozen not-obviously-exploitable issues to achieve a successful exploit. If someone at MITRE has to adjudicate these issues for every CVE in all possible programming languages for all possible exploits for all possible software… well that seems like a tough job anyway.

I think the people using the CVE database as some kind of official source of actual security issues, as opposed to reported potential issues, is the problem.
grepknfss
·2 года назад·discuss
You should make the first instance of “PQRL” in your readme a link to that project.