Frivolous CVEs aren’t a good thing for security. This bug was a possible DOS (not e.g. a privilege escalation) in a disabled-by-default experimental feature. It wasn’t a security issue and should have been fixed with a patch instead of raising a false alarm and damaging trust.
It is WAY better to over report than under report. I don’t want vendors to have a lot of ability to say “nope that’s not a security problem, sweep it under the rug”.
Frivolous CVEs aren’t a good thing for security. This bug was a possible DOS (not e.g. a privilege escalation) in a disabled-by-default experimental feature. It wasn’t a security issue and should have been fixed with a patch instead of raising a false alarm and damaging trust.
It is WAY better to over report than under report. I don’t want vendors to have a lot of ability to say “nope that’s not a security problem, sweep it under the rug”.
To a point. Ever heard of the boy who cried wolf?