• chaorace@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    9
    ·
    1 year ago

    Should the NVD be deeply involved in all of them just to provide the most accurate security score? That’s an impossible ask.

    This is a false dilemma. If the task is truly impossible, that’s not a valid excuse to try anyway and fail repeatedly, especially if doing so causes negative externalities. Numbered scores with decimal precision are not necessary to the core functionality of a CVE database and there are plenty of alternative solutions which would minimize harm and scale more economically.