Saagar Jha (@saagar@saagarjha.com)

@mort @Foxboron You can keep saying no all you want; it doesn’t make it any more true. CVEs have basically never been an accurate representation of changes that have security impact. Actually trying to do this remains an open problem that requires significant resources.

1 Likes • 0 Reposts • Link

1 replies

@mort @Foxboron You’re upset that the situation went from “these are 10% of the security bugs and each one is definitely bad” to “this is 100% of the security bugs and maybe 10% of them are definitely bad”. Neither helps you solve the problem you have of “should I update”.

5 Likes • 1 Reposts • Link