Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://fosstodon.org/users/kernellogger/statuses/112054223576853071">Thorsten Leemhuis (acct. 1/4) (kernellogger@fosstodon.org)'s status on Friday, 08-Mar-2024 21:35:02 JST</a><a href="https://fosstodon.org/@kernellogger" title="kernellogger@fosstodon.org"><img src="https://gnusocial.jp/avatar/109466-48-20230324184559.webp" width="48" height="48" alt="Thorsten Leemhuis (acct. 1/4)" style="position: absolute; left: 0; top: 0;">Thorsten Leemhuis (acct. 1/4)</a></section><article><p>"[…] It is clear that the current process is based on the learnings, and frustrations, the [<a href="https://fosstodon.org/tags/Linux" rel="tag">#Linux</a> <a href="https://fosstodon.org/tags/kernel" rel="tag">#kernel</a>'s CVE] team has faced in the past. […] By taking this position, this effort is now duplicated across thousands of engineering teams ad infinitum, […]"</p><p>Well, yeah, but guess what: maybe then the companies behind those engineering teams will join up and invest money to handle the problem "[…] at the source, in a central, efficient and reliable manner. […]". 😬 </p><p><a href="https://amanitasecurity.com/posts/dear-linux-kernel-cna-what-have-you-done/" rel="nofollow noreferrer">https://amanitasecurity.com/posts/dear-linux-kernel-cna-what-have-you-done/</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2802642#notice-5558809">In conversation</a><time datetime="2024-03-08T21:35:02+09:00" title="Friday, 08-Mar-2024 21:35:02 JST">about a year ago</time> <span>from <span><a href="https://fosstodon.org/@kernellogger/112054223576853071" rel="external" title="Sent from fosstodon.org via ActivityPub">fosstodon.org</a></span></span><a href="https://fosstodon.org/@kernellogger/112054223576853071">permalink</a><h4>Attachments</h4><ol><li><article><header><div>No result found on File_thumbnail lookup.</div><h5><a href="https://amanitasecurity.com/posts/dear-linux-kernel-cna-what-have-you-done/">Dear Linux Kernel CNA, What Have You Done ?</a></h5><div> from <span>Amanita Security</span></div></header><div>The Linux Kernel project’s new CVE Numbering Authority (CNA) has a large impact on product manufacturers. Explore the complexities introduced by the new CVE assignment process, the challenges of frequent updates for electronic devices, and the burden placed on organizations due to the assignment of CVEs for non-security issues.</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Thorsten Leemhuis (acct. 1/4) (kernellogger@fosstodon.org)'s status on Friday, 08-Mar-2024 21:35:02 JST Thorsten Leemhuis (acct. 1/4)
"[…] It is clear that the current process is based on the learnings, and frustrations, the [#Linux #kernel's CVE] team has faced in the past. […] By taking this position, this effort is now duplicated across thousands of engineering teams ad infinitum, […]"
Well, yeah, but guess what: maybe then the companies behind those engineering teams will join up and invest money to handle the problem "[…] at the source, in a central, efficient and reliable manner. […]". 😬
https://amanitasecurity.com/posts/dear-linux-kernel-cna-what-have-you-done/
In conversationabout a year ago from fosstodon.orgpermalink
Attachments
1. No result found on File_thumbnail lookup.
  Dear Linux Kernel CNA, What Have You Done ?
  from Amanita Security
  The Linux Kernel project’s new CVE Numbering Authority (CNA) has a large impact on product manufacturers. Explore the complexities introduced by the new CVE assignment process, the challenges of frequent updates for electronic devices, and the burden placed on organizations due to the assignment of CVEs for non-security issues.

Public

Embed Notice

HTML Code

Corresponding Notice