I was in a meeting today and I realized something profound
We are currently in a post #CVE world
That probably don’t make sense to a lot of people, and I need to think about it more
But here’s the basics of it
The CVE data is so comically bad, nobody actually doing #vulnerability work can use it. The ID is all we use. We have to look in other databases and collect or own facts
Automated tools rely on sources like #GitHub, #GitLab, and #OSV. Other than the ID, CVE doesn’t really matter anymore