All,
We have had quite a few security reports recently that are technically
valid vulnerabilities but have pre-requisites that are such that it is
almost certain no users are impacted by them.
Currently we assign these a severity of LOW. Do we want to handle them
differently?
Possible options:
- Don't issue CVEs for these
- New severity for "Lower than low" name TBD
- Something else?
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]