Retired Staff
Retired Staff
Surely the idea that a software vendor can become a CNA, and effectively block anyone else from assigning CVEs to their products, is... not great? There's an obvious conflict of interest if (for example) Adobe is the only outfit which can issue CVEs for Adobe software, and they choose to downplay security issues.
Retired Staff
Retired Staff
Well, for me, the crazy part of all that is the fact that they assigned such a high priority to something that has very minor implications to a package that is used by so many other vendors. Especially since it was addressed so long ago originally. It's a huge issue that can have real world ramifications for other software.
Log in or register to unlock full forum benefits!
Log in or register to unlock full forum benefits!
Register
Register on Admin Junkies completely free.
Register now
Log in
If you have an account, please log in
Log in
Activity
So far there's no one here