Backlogs at National Vulnerability Database prompt action from NIST and CISA (www.csoonline.com)
from BrikoX@lemmy.zip to cybersecurity@sh.itjust.works on 15 May 2024 06:46
https://lemmy.zip/post/15468365

A crisis at the key US service for ranking vulnerabilities has been fueled by short resources and an explosion of security flaws as the volume of software production increases.

#cybersecurity

taladar@sh.itjust.works on 15 May 2024 11:29

This article seems full of people in deep denial about the fact that the whole scoring and prioritizing aspect takes significantly more effort than fixing the vulnerabilities and is only of interest to the kind of large corporation who wants to use old versions (i.e. wants to be selective about which changes to an upstream project they use) but who isn’t willing to pay for the extra effort.