
Yeah, and there have been a lot of these lately. The more nothing-burger 9.8+ severity vulnerabilities there are, the less space there is for communicating "this is actually a severe vulnerability and you need to pay attention".

Heartbleed was a 7.5. The entire security community is constantly shouting "RED ALERT, THIS IS A MUCH MUCH WORSE VULNERABILITY THAN HEARTBLEED" and they're all just non-issues.



That's a CVSS issue. Heartbleed only affected Confidentiality, and CVSS rates scores on a triad of Confidentiality, Integrity, and Availability. RCE affects all three.


Heartbleed was a much more significant issue than this ingress-nginx thing.


I agree with you, which is why I'm redirecting the blame to the CVSS standard, which does not agree with you.


That's exactly what I'm complaining about, yes. Nothing burgers get 9.8, while earth shattering vulnerabilities get 7.5 using the scoring system that the security community uses to describe "severity".



