A crisis at the key US service for ranking vulnerabilities has been fueled by short resources and an explosion of security flaws as the volume of software production increases.

  • taladar
    8 months ago

    This article seems full of people in deep denial about the fact that the whole scoring and prioritizing aspect takes significantly more effort than fixing the vulnerabilities and is only of interest to the kind of large corporation who wants to use old versions (i.e. wants to be selective about which changes to an upstream project they use) but who isn’t willing to pay for the extra effort.