Vulnerability scores, huh, what are they good for? Almost nothing
CVE and CVSS systems suffer from misaligned incentives and inconsistency
Security
16 Oct 2025 | 5
Whois Feross Aboukhadijeh ..
“Feross is founder and CEO at Socket (https://socket.dev), a developer-first security platform. Feross has worked in open source software for 10+ years writing some of the most-downloaded JavaScript packages. Feross is a lecturer at Stanford where he teaches CS 253 Web Security. Socket makes a developer-first security platform that prevents vulnerable and malicious open source dependencies from infiltrating your software supply chain. Thousands of organizations in every industry use Socket to safely discover, audit, and manage OSS at scale.”
“Topics include: Principles of web security, attacks and countermeasures, the browser security model, web app vulnerabilities, injection, denial-of-service, TLS attacks, privacy, fingerprinting, same-origin policy, cross site scripting, authentication, JavaScript security, emerging threats, defense-in-depth, and techniques for writing secure code. Course projects include writing security exploits, defending insecure web apps, and implementing emerging web standards.”