Interesting 🤔 how #CVE are leveraged as resume items, putting #programmers #developers & project leads under pressure by #bogus CVE reports or unnecessarily high CVE ratings.

Popular and obscure programs are affected in the #OpenSource #POSIX world, e.g. #Linux #freeBSD #netBSD #openBSD

#Curl ➰ by #Daniel #Stenberg, #IP by #Fedor #Indutny & #nodeIP are popular programs hit by this #phenomena which can lead to unwarranted #panic in the users space

https://www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/

Dev rejects CVE severity, makes his GitHub repo read-only

The popular open source project, 'ip' had its GitHub repository archived, or made "read-only" by its developer as a result of a dubious CVE report filed for his project. Unfortunately, open-source developers have recently been met with an uptick in debatable or outright bogus CVEs filed for their projects.

@RadioAzureus "IP addresses supplied to it in a non-standard format" Note that, unlike IPv6, IPv4 has no "standard format". (People who deny this are requested to mention the RFC where it is standardized, along with the section number.)
@bortzmeyer @RadioAzureus this is the part where we argue the standard format is e.g. 2130706433 right?
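
Added example, not part of the thread or of any project named in it: the replies above turn on the fact that one IPv4 address has several accepted spellings, so a check such as "is this loopback or private?" is only reliable after the input is normalised. The sketch assumes the loose inet_aton-style grammar (1 to 4 parts, each decimal, octal or hex); all function names are hypothetical.

```javascript
// Added illustration; function names are hypothetical, not from any library.
// Grammar assumed: inet_aton-style, 1 to 4 dot-separated parts, each part
// decimal, octal (leading 0) or hex (leading 0x); the last part fills the
// remaining bytes.
function parsePart(s) {
  if (/^0[xX][0-9a-fA-F]+$/.test(s)) return parseInt(s.slice(2), 16);
  if (/^0[0-7]*$/.test(s)) return parseInt(s, 8);
  if (/^[1-9][0-9]*$/.test(s)) return parseInt(s, 10);
  return NaN; // e.g. "08", "", "1e3"
}

// Returns the address as an unsigned 32-bit number, or null if not parseable.
function parseLooseIPv4(text) {
  const parts = String(text).split('.');
  if (parts.length > 4) return null;
  const nums = parts.map(parsePart);
  if (nums.some(Number.isNaN)) return null;
  const last = nums.pop();
  const width = 4 - nums.length; // bytes covered by the last part
  if (nums.some((n) => n > 255) || last > Math.pow(256, width) - 1) return null;
  let value = 0;
  for (const n of nums) value = value * 256 + n;
  return value * Math.pow(256, width) + last;
}

function toDotted(v) {
  return [v >>> 24, (v >>> 16) & 255, (v >>> 8) & 255, v & 255].join('.');
}

// Classify only after normalising, so every spelling of one address agrees.
function classify(text) {
  const v = parseLooseIPv4(text);
  if (v === null) return 'invalid';
  const a = v >>> 24;
  const b = (v >>> 16) & 255;
  if (a === 127) return 'loopback';
  if (a === 10 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168)) return 'private';
  if (a === 169 && b === 254) return 'link-local';
  return 'public';
}

// Constructed sample inputs: four spellings of 127.0.0.1, then other cases.
for (const s of ['127.0.0.1', '2130706433', '0x7f.1', '017700000001', '08.8.8.8', '8.8.8.8']) {
  const v = parseLooseIPv4(s);
  console.log(s.padEnd(14), v === null ? 'invalid' : toDotted(v), classify(s));
}
```

A validator that wants to refuse the loose spellings outright can compare `toDotted(parseLooseIPv4(s))` with `s` and reject any input that is not already in dotted-quad form.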