For example, a person named Donghyun Lee started mass-filing CVEs against Alpine-based images without actually verifying if the image was vulnerable or not, which Jerry Gamblin called out on Twitter last year.

I’m a little astonished that CVEs have become a scorekeeping mechanism in quite this way. I shouldn’t be astonished; if something can be contorted into becoming a metric, there are those who will game it. But I didn’t think that would happen to CVEs just because it’s so trivial to generate one. It makes me wonder who, exactly, is making it beneficial for this “person named Donghyun Lee” to create these bullshit CVE entries. I’d like to know who, and I swear it’s not simply because I think I could swindle them in a more interesting way than that if I could contact them.