2025-04-16 19:29:19

Tony on Nostr: As a long time security engineer, CVEs are completely mismanaged and create huge ...

As a long-time security engineer, CVEs are completely mismanaged and create huge amounts of pointless toil for developers. To wit, there are entire companies that built their business on helping people “manage” vulnerabilities.

Getting a CVE published became some kind of resume / CV padding tactic a decade ago and the quality of the vulnerability information is commensurate with what you might expect.

One of the most valuable activities I perform as a security engineer is triaging “CVE vulnerabilities” and making sure they don’t distract people from shipping working code. Mostly that’s marking them as a false positive or not applicable to our use cases.
Author Public Key
npub19p08phqkzm5wuxrcjc8axmsxpprtxz9vv5sm60zteyyvwx639q6qd07vv5