• lightnegative@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    ·
    8 months ago

    If you can’t demonstrate an attack they will assume the issue isn’t exploitable.

    Absolutely. Theory doesn’t always equal reality. The security guys submitting CVE’s to pad their resumes should absolutely be required to submit a working exploit. If they can’t then they’re just making needless noise

    • Killing_Spark@feddit.de
      link
      fedilink
      English
      arrow-up
      8
      ·
      8 months ago

      There are definitely bullshit cves out there but I don’t think that’s a good general rule. Especially in this context where it’s literally unpatchable at the root of the problem.