a CVE dispute

A few years years ago the curl project signed up and became a CNA. This means that we are masters of and can allocate our own CVE identifiers. For any security problems within our territory, it is we who decides if the issue should get a CVE our not. No more bogus CVEs. 57 CVEs … Continue reading a CVE dispute →

daniel.haxx.se
@bagder Do you get something if you find a CVE worthy bug?
@chris yes, you get that awesome sensation that you help improving curl and a thank you and credits in the advisory
@bagder Ah. I was just wondering why someone would be so instant that the bug got a CVE. It sounds annoying. I hate explaining myself multiple times without a feedback.
@chris I cannot explain why they pushed for this so hard.
@bagder @chris Anecdote: A friend recently handled a security report in a popular free project; they don't assign CVEs ever. The reporter insisted on receiving one to build recognition for their CV
@bagder @chris My guess is resume padding