[ Those dubious CVEs that serve only to push open-source developers into archiving their GitHub projects – Mia mamma usa Linux! ]
https://www.miamammausalinux.org/2024/07/quei-cve-dubbiosi-utili-solamente-a-portare-gli-sviluppatori-open-source-a-dover-archiviare-i-propri-progetti-github/ #CVE #Node-Ip #GitHub
Those dubious CVEs that serve only to push open-source developers into archiving their GitHub projects

For quite some time we have been covering the issue of "dubious" or at least overrated CVEs that the maintainers of open-source projects have to fight

Interesting 🤔 how #CVE are leveraged as resume items, putting #programmers #developers & project leads under pressure by #bogus CVE reports or unnecessarily high CVE ratings.

Popular and obscure programs are affected in the #OpenSource #POSIX world, e.g. #Linux #freeBSD #netBSD #openBSD

#Curl ➰ by #Daniel #Stenberg, #IP by #Fedor #Indutny & #nodeIP are popular programs hit by this #phenomena which can lead to unwarranted #panic in the users space

https://www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/

Dev rejects CVE severity, makes his GitHub repo read-only

The popular open source project, 'ip' had its GitHub repository archived, or made "read-only" by its developer as a result of a dubious CVE report filed for his project. Unfortunately, open-source developers have recently been met with an uptick in debatable or outright bogus CVEs filed for their projects.