Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add slide about bogus CVE submissons #1

Open
Doctor-love opened this issue Mar 22, 2024 · 2 comments
Open

Add slide about bogus CVE submissons #1

Doctor-love opened this issue Mar 22, 2024 · 2 comments

Comments

@Doctor-love
Copy link
Member

The course takes up the problem with some vendors being their own CNA and at the same time being reluctant to assign CVEs to vulns, thereby stalling the disclosure/mitigation process. There is however also the opposite problems, as brought up by @bagder with bogus vulnerabilities being assigned CVEs for the cURL project without proper investigation. Make sure to include a slide about this before next course round.
@vin01
Copy link

vin01 commented May 2, 2024

more on bogus CVEs including now trending LLM-generated CVEs spamming project maintainers:

@Doctor-love
Copy link
Member Author

more on bogus CVEs including now trending LLM-generated CVEs spamming project maintainers:

* https://github.com/vin01/bogus-cves/

* [bogus CVE claimed on this project jfree/jfreechart#396](https://github.com/jfree/jfreechart/issues/396)

Thanks - nice resource you've compiled!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Doctor-love @vin01