[$] CVE-less vulnerabilities

More bugs in free software are being found these days, which is good for many reasons, but there are some possible downsides to that as well. In addition, projects like OSS-Fuzz are finding lots of bugs in an automated fashion—many of which may be security relevant. The sheer number of bugs being reported is overwhelming many (most?) free-software projects, which simply do not have enough eyeballs to fix, or even triage, many of the reports they receive. A discussion about that is currently playing out on the oss-security mailing list.

Continue Reading — [$] CVE-less vulnerabilities

What is in your mind, about this post ? Leave a Reply

Close
  Our next learning article is ready, subscribe it in your email

What is your Learning Goal for Next Six Months ? Talk to us