Conversation

Jonathan Corbet

On the radar: !CVE

An alternate list of (alleged) vulnerability numbers for problems that the designated CNA refuses to issue a CVE for.

https://lwn.net/ml/oss-security/c01c1617-641d-4ec2-847f-2e85ea4676f7@notcve.org/

Perhaps this is an effort to identify vulnerabilities that, for whatever reason, the Powers That Be won't recognize. It also looks like a way to circumvent efforts to combat the growing bogus-CVE problem, though.
2
4
6

@corbet Oh, for crying out loud, no. It does very much seem like a scheme to avoid any pushback against bogus vulnerability reports.

/me prepares for a further increase of bogosity.

1
0
0

@corbet For some reason, that reminded me of alternative DNS roots, which were sort of popular back in the 90s.

0
0
0