Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.social/users/bagder/statuses/114268769663986402">daniel:// stenberg:// (bagder@mastodon.social)'s status on Thursday, 03-Apr-2025 04:09:18 JST</a><a href="https://mastodon.social/@bagder" title="bagder@mastodon.social"><img src="https://gnusocial.jp/avatar/5732-48-20220816094715.webp" width="48" height="48" alt="daniel:// stenberg://" style="position: absolute; left: 0; top: 0;">daniel:// stenberg://</a><div><a href="https://infosec.exchange/@joshbressers/114268753172732887" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/101452" title="gregkh@social.kernel.org">Greg K-H</a></li><li><a href="https://gnusocial.jp/user/138318" title="joshbressers@infosec.exchange">Josh Bressers</a></li><li><a href="https://gnusocial.jp/user/231064" title="thenewstack@hachyderm.io">The New Stack</a></li></ul></div></section><article><p><a href="https://infosec.exchange/@joshbressers">@joshbressers</a> <a href="https://social.kernel.org/users/gregkh">@gregkh</a> <a href="https://hachyderm.io/@TheNewStack">@TheNewStack</a> <a href="https://mastodon.social/@sjvn">@sjvn</a> agreed.</p><p>We are proposing OSS projects to be able opt out of getting CVE records "improved" by CVSS.</p><p>We are also discussing how smaller OSS projects could get an existing CNA to deal with their CVEs (their scope really), as if they were a CNA.</p><p>This within the "OSS CNA group" that has been started featuring curl, kernel, perl, and lots of linux distros ppl etc.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4834792#notice-9467921">In conversation</a><time datetime="2025-04-03T04:09:18+09:00" title="Thursday, 03-Apr-2025 04:09:18 JST">about 4 days ago</time> <span>from <span><a href="https://mastodon.social/@bagder/114268769663986402" rel="external" title="Sent from mastodon.social via ActivityPub">mastodon.social</a></span></span><a href="https://mastodon.social/@bagder/114268769663986402">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
daniel:// stenberg:// (bagder@mastodon.social)'s status on Thursday, 03-Apr-2025 04:09:18 JSTdaniel:// stenberg://
in reply to
@joshbressers @gregkh @TheNewStack @sjvn agreed.
We are proposing OSS projects to be able opt out of getting CVE records "improved" by CVSS.
We are also discussing how smaller OSS projects could get an existing CNA to deal with their CVEs (their scope really), as if they were a CNA.
This within the "OSS CNA group" that has been started featuring curl, kernel, perl, and lots of linux distros ppl etc.
In conversationabout 4 days ago from mastodon.socialpermalink

Public

Embed Notice

HTML Code

Corresponding Notice