For me, CVSS and the people who use it lost all credibility when they asked my team for an urgent update to patch… a PCMCIA bug in the kernel of our EC2 instances.
It's so easy to come up with stories about this that you don't really even need examples. I think everybody just sort of understands that if you put CVSS to the test, it would be ludicrously easy to stack two 8.0+ vulnerabilities next to each other with wildly different severity.