Joel Takvorian

@stefano same (lack of) rationale when software editors are required to upgrade any dependency known to have a CVE - no matter if it is actually vulnerable or not. Vulnerability scanners drive the security. At some point they do more harm than good.

Stefano Marinelli

@jotak in my own experience, I agree; they did more harm than good

ꮤꭺꮯ :verified_paw:

@jotak @stefano They've just got a giant list of CVEs and versions and they're trying to Goodhart's Law those metrics as fast as they can.

It certainly reduces their labor costs since they don't need to hire people with any relevant knowledge beyond reading a list.
