Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Nick Leali Hi Daniel. We've talked about this in the CVSS SIG. CVSS cer- tainly isn’t perfect. We are actively discussing guidance about how library maintainers and vendors can provide scor- ing on a per-platform basis to capture impacts that are more tailored to different environments. | agree that it’s difficult to express one CVSS assessment that works for all platforms, but that’s how the ecosystem has developed. And, sometimes analysts get things wrong. | encourage anyone to provide feedback to the CVSS SIG about ways we can improve the standard to work better for everyone. Please reach out.

Download link

Nick Leali Hi Daniel. We've talked about this in the CVSS SIG. CVSS cer- tainly isn’t perfect. We are actively discussing guidance about how library maintainers and vendors can provide scor- ing on a per-platform basis to capture impacts that are more tailored to different environments. | agree that it’s difficult to express one CVSS assessment that works for all platforms, but that’s how the ecosystem has developed. And, sometimes analysts get things wrong. | encourage anyone to provide feedback to the CVSS SIG about ways we can improve the standard to work better for everyone. Please reach out.
https://files.mastodon.social/media_attachments/files/113/993/114/658/783/791/original/b3b09d39f61402db.png

Notices where this attachment appears

Embed this notice
daniel:// stenberg:// (bagder@mastodon.social)'s status on Thursday, 13-Feb-2025 07:16:30 JST daniel:// stenberg://

I love it when my blog posts are read by the right people:
https://daniel.haxx.se/blog/2025/01/23/cvss-is-dead-to-us/comment-page-1/#comment-27130

In conversation about 9 days ago from mastodon.social permalink