Comment by boomlinde
2 days ago
I guess that the perceived problem from a security perspective is that they're there, not that they're necessarily hard to fix once found.
The main beef is the noise created around these disclosures instead of sending patches to fix the bugs.
If you quietly patch the vulnerable software it's unlikely that I will ever hear about the vulnerability. CVE disclosure is important because that's how I learn of security problems in software I critically depend on. It's not merely a service to the maintainers, but to the users who might otherwise critically depend on vulnerable software.