By Josh Bressers
=> 🔊 Play episode (31 min) | Direct episode link | 💬 Share episode
Published June 14, 2020 7:00pm
Josh and Kurt talk about CVSSv3 and how it's broken. We started with a blog post to explain why the NVD CVSS scores are so wrong, and we ended up researching CVSSv3 and found out it's far more broken than any of us expected in ways we didn't expect. NVD isn't broken, CVSSv3 is. How did we get here? Are there any options that work today? Where should we go next? Show Notes Josh's blog post NVD Red Hat security data Josh's CVE data project Microsoft security ratings scale
=> Return to podcast This content has been proxied by September (3851b).Proxy Information
text/gemini