Toot

Written by Seth Larson on 2025-01-28 at 15:54

Loved this article from @joshbressers

https://opensourcesecurity.io/2025/01-cve-for-end-of-life/

I see this use of CVE as yet another symptom of a problem: it's impossible to get the attention of open source users (by definition, a group of people you don't know about).

The number of users that read the changelog or mailing list, check https://endoflife.software, or enable telemetry rounds down to zero. CVE is one of the few messaging systems that works. I expect more creative uses, not fewer, as OSS projects become CNAs.
