**Yellow Flag** @WPalant@infosec.exchange · Dec 17, 2020, 13:11

**Yellow Flag** @WPalant@infosec.exchange · Dec 17, 2020, 13:11

Yellow Flag @WPalant@infosec.exchange

Dec 17, 2020, 13:11

Yellow Flag @WPalant@infosec.exchange

Those of you who report security vulnerabilities, do you also request #CVE identifiers for them? Maybe also explain in comments how the overhead is worth it for you. I’m still undecided on the topic.

#infosec #security

11% Yes, always
11% For important findings
0% No, never
77% Other / See results

**Yellow Flag** @WPalant@infosec.exchange · 2020-12-20T13:18:32Z

Yellow Flag @WPalant@infosec.exchange

The poll has ended. With six votes across Twitter and Mastodon the results are hardly representative. But it seems that a #CVE identifier for everything is a rare approach (1 vote). Most respondents create one only for important findings (3 votes) or never (2 votes).

Dec 20, 2020, 13:18 · · · ·

**Yellow Flag** @WPalant@infosec.exchange · Dec 20, 2020, 13:18

**Yellow Flag** @WPalant@infosec.exchange · Dec 20, 2020, 13:18

Dec 20, 2020, 13:18

Yellow Flag @WPalant@infosec.exchange

There is also a comment on Mastodon explaining the logic behind this: if it’s a vulnerability that companies should patch ASAP, assigning a #CVE identifier improves the chances considerably.

Trending now

Resources

Developers

What is Mastodon?

infosec.exchange

More…