Decently written, but some flaws. Not every automated tool relies exclusively on CVE information, and the CNA model is "squishy," from the word you used. I don't consider CVE to be a database since that feeds into NVD, which may have been a better example for your model. :)
Will autonomy kill CVE's? More specifically, downstream tools may be missing important @mitre CVEs because automated tools can't report them easily. I talk through the issues in my blog: https://www.csoonline.com/article/3444496/autonomy-and-the-death-of-cves.html … #fuzzing
-
-
-
Good point. Not all do, but many pre-populate the CVE database to bootstrap "known knowns". Point is a tool may say something like "18 bits EIP controllable". Current efforts have different goals then this, though I'd think any VR person would want to know the above.
Kraj razgovora
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.