Will DormannMay 27

In today's episode of "CVE is a disaster":

Anthropic has published a cordinated vulnerability disclosure dashboard for their findings.

Vulnerabilities disclosed: 1596
Vulnerabilities patched: 97
Assigned a CVE or a GHSA: 88
...
CVE COUNT for 1596 disclosed vulnerabilities: 14

If something has an adoption rate of less than 1%, what do you call it?

Edit: Apparently Anthropic doesn't know what the word "disclosed" means. In their article about Coordinated Vulnerability Disclosure, Anthropic uses "disclosed" to mean "reported" (to the maintainer). In which case we'd have a 14% success rate for CVE.

Show threadPauliehedron ✅  

@wdormann So this is a dashboard where AI has made work for people? Does it also include tracking the quality of the report/patch set demonstrated by running code artifacts following each individual project's contributor and security disclosure guidelines?

I expect these big companies to do real proof of work, they got big bucks and real hardware. They should do at least what my Hermes Agent install does on my Mac at home with Qwen3.6-35B-A3B-MTP-GGUF:IQ4_NL

May 27 at 2:13pmWeb