We're probably not the only ones running outdated software
cron@feddit.org to Cybersecurity - Memes@lemmy.world · 3 months ago
OhNoMoreLemmy@lemmy.ml · 3 months ago
Yeah, that’s because there’s an entire cottage industry of people scraping old bug reports and linter errors to create CVEs they can sell to customers worrying about security. It creates a huge number of false positives. E.g. see https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-everything-that-is-wrong-with-cves/
I think any measure that is looking at a raw count is going to be meaningless. Particularly, comparing raw counts between open and closed software.