
> this does possibly have a chilling effect if the vendor's CNA refuses valid vulns

The Linux kernel went in the opposite direction: Every bugfix that looks like it could be relevant to security gets a CVE[1]. The number of CVEs has increased significantly since it became a CNA.

[1]: https://lwn.net/Articles/978711/



Thanks. They seem to be pretty proactive indeed if you look at the feed: https://lore.kernel.org/linux-cve-announce/



