GNU social JP
GNU social JP is a Japanese GNU social server.
Conversation

Notices

  1. Matt "msw" Wilson (msw@mstdn.social)'s status on Wednesday, 16-Apr-2025 14:24:25 JST
    in reply to

    This is what the #CVE and CPE system does.

    We can choose to make the system different.

    https://github.com/madler/zlib/issues/868#issuecomment-2807804350

    • Matt "msw" Wilson (msw@mstdn.social)'s status on Wednesday, 16-Apr-2025 14:24:26 JST
      in reply to

      I’m actually quite OK with this.

      The broader community is very good at detecting situations like these as damage, and routing around.

      Just like the Internet. Right?

      We had public disclosure and known vulnerability databases before CVE. And nothing is stopping those who have a shared need from coming together to fill a vacuum…
      #cve

      Alfred M. Szmidt repeated this.
    • Matt "msw" Wilson (msw@mstdn.social)'s status on Wednesday, 16-Apr-2025 14:24:27 JST

      Reflecting tonight on the #CVE program, all it has given us, and how frustrated I’ve been because of what it does, and what it fails to do.

      Unfortunately there is no point in claiming that the purpose of a system is to do what it constantly fails to do…

      #InfoSec #SBOM #OpenSource

    • Matt "msw" Wilson (msw@mstdn.social)'s status on Friday, 18-Apr-2025 00:54:05 JST
      in reply to

      I frequently grump about what the #CVE system has become in practice. Folks may think that I’m not a proponent of the program. That’s not true at all. I’m an advocate for it, and for all those who pour their time and talent into it (often voluntarily).

      But, IMO it is an overstatement to say that a CVE is a critical element in coordinating response to emerging vulnerabilities like Heartbleed or Log4Shell. Embargoed critical vulns are rarely identified with CVEs among defenders.

      #InfoSec #CVD

    • Matt "msw" Wilson (msw@mstdn.social)'s status on Friday, 18-Apr-2025 03:38:05 JST
      • Kevin Beaumont

      @GossiTheDog but do they need to be?

      How many of them need to be actively managed in a globally coordinated way?

      Should every organization attempt to interpret the information present in CVEs, and the CVE information ecosystem _directly_?

GNU social JP is a social network, courtesy of the GNU social JP administrator. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.