Reply to post: Not helped by bad scores

We're almost into the third decade of the 21st century and we're still grading security bugs out of 10 like kids. Why?

Anonymous Coward
Anonymous Coward

Not helped by bad scores

We’re setting a spate of CVEs with bloody stupid CVSS scores recently, not helped by bloody stupid bugs that aren’t security issues.

For example, flaws that require physical access to exploit are being marked as exploitable over the network which pushes the score up. Bugs that fail to check a return value during boot are also being marked as network exploitable even though there is no network at the time and no practicable way to exploit the thing anyway.

NVD are unwilling to address this problem so the scores are rapidly becoming useless so we see a lot of people asking for better ways of scoring. I’d settle for NVD accepting their limitations and asking experts for help to score vulns.

It’s exasperating.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon