OSS: What’s the difference b/w coding a backdoor & deliberately choosing an unpatched OpenSource Component w/ a CVSS 10?
@joshcorman @chriseng @Brian_Sniffen or realize CVE doesn't have the best record on OSS library vuln tracking.
@attritionorg @chriseng @Brian_Sniffen sure. I'm speaking to poor tracking/handling of even the known ones.
@joshcorman @attritionorg just ‘cause it’s in a Wikipedia database, you wouldn’t call it “known”. Why is CVE different?
@Brian_Sniffen @joshcorman it is known to someone is the point. Just not necessarily to VDBs or security people who would react to it.