We're probably not the only ones running outdated software
cron@feddit.org to Cybersecurity - Memes@lemmy.world · 28 days ago · image (feddit.org) · 45 comments
OhNoMoreLemmy · 28 days ago
Yeah, that’s because there’s an entire cottage industry of people scraping old bug reports and linter errors to create CVEs they can sell to customers worrying about security. It creates a huge number of false positives. E.g. see https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-everything-that-is-wrong-with-cves/
I think any measure that is looking at a raw count is going to be meaningless. Particularly, comparing raw counts between open and closed software.