CVSS is short for Common Vulnerability Scoring System and is according to Wikipedia a technical standard for assessing the severity of vulnerabilities in computing systems. Typically you use an online CVSS calculator, click a few checkboxes and radio buttons and then you magically get a number from 0 to 10. There are also different versions … Continue reading CVSS is dead to us →
Daniel Stenberg says the scores are “security misinformation”.
Nah, the last few high scoring CVEs curl got were really niche buffer overflows or potential security issues.
He’s been very vocal about this. Yeah it’s a bug, and usually an easy fix, but they scored like 8 or 9 on CVSS. Which is disproportionate compared to a lot of other 8s or 9s.
I can understand the frustration there.
Or actually significant and consistent values that also happen to make you look bad today so they must suck and be ditched.
Did I get that right? SOUNDS right…
Nah, the last few high scoring CVEs curl got were really niche buffer overflows or potential security issues.
He’s been very vocal about this. Yeah it’s a bug, and usually an easy fix, but they scored like 8 or 9 on CVSS. Which is disproportionate compared to a lot of other 8s or 9s.
I can understand the frustration there.