Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/kurtseifried/statuses/113034199490495753">kurtseifried (he/him) (kurtseifried@infosec.exchange)'s status on Tuesday, 27-Aug-2024 22:55:50 JST</a><a href="https://infosec.exchange/@kurtseifried" title="kurtseifried@infosec.exchange"><img src="https://gnusocial.jp/avatar/106037-48-20240108191701.webp" width="48" height="48" alt="kurtseifried (he/him)" style="position: absolute; left: 0; top: 0;">kurtseifried (he/him)</a><div><a href="https://social.kernel.org/objects/9f94f71c-2441-46dd-bbd3-6b81420f14d7" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://social.kernel.org/users/gregkh">@gregkh</a> actually 3000 is not a lot. I’m looking at the data and there’s some interesting trends with other CNAs. </p><p>There’s also also two  CVE ecosystems now: the open source and the closed source. Most People are used to dealing with the closed source involves applying patches, made available by the vendor products that they have deployed.</p><p>But now they’re having to deal with the open source, and they have to do their own homework as it were, figuring out if they use this source in anything ( they likely have because of dependency chains), and remediating it on their own.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3575420#notice-7016837">In conversation</a><time datetime="2024-08-27T22:55:50+09:00" title="Tuesday, 27-Aug-2024 22:55:50 JST">about 11 months ago</time> <span>from <span><a href="https://infosec.exchange/@kurtseifried/113034199490495753" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@kurtseifried/113034199490495753">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
kurtseifried (he/him) (kurtseifried@infosec.exchange)'s status on Tuesday, 27-Aug-2024 22:55:50 JSTkurtseifried (he/him)
in reply to
- Greg K-H
@gregkh actually 3000 is not a lot. I’m looking at the data and there’s some interesting trends with other CNAs.
There’s also also two CVE ecosystems now: the open source and the closed source. Most People are used to dealing with the closed source involves applying patches, made available by the vendor products that they have deployed.
But now they’re having to deal with the open source, and they have to do their own homework as it were, figuring out if they use this source in anything ( they likely have because of dependency chains), and remediating it on their own.
In conversationabout 11 months ago from infosec.exchangepermalink

Public

Embed Notice

HTML Code

Corresponding Notice