CVSS is dead to us
daniel.haxx.se
CVSS is short for Common Vulnerability Scoring System and is according to Wikipedia a technical standard for assessing the severity of vulnerabilities in computing systems. Typically you use an online CVSS calculator, click a few checkboxes and radio buttons and then you magically get a number from 0 to 10. There are also different versions … Continue reading CVSS is dead to us →

Daniel Stenberg says the scores are “security misinformation”.

  • BestBouclettes@jlai.luEnglish
    7·
    4 days ago

    Nah, the last few high scoring CVEs curl got were really niche buffer overflows or potential security issues.
    He’s been very vocal about this. Yeah it’s a bug, and usually an easy fix, but they scored like 8 or 9 on CVSS. Which is disproportionate compared to a lot of other 8s or 9s.
    I can understand the frustration there.