Those of you who report security vulnerabilities, do you also request identifiers for them? Maybe also explain in comments how the overhead is worth it for you. I’m still undecided on the topic.

The poll has ended. With six votes across Twitter and Mastodon the results are hardly representative. But it seems that a identifier for everything is a rare approach (1 vote). Most respondents create one only for important findings (3 votes) or never (2 votes).


There is also a comment on Mastodon explaining the logic behind this: if it’s a vulnerability that companies should patch ASAP, assigning a identifier improves the chances considerably.

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.