All,

We have had quite a few security reports recently that are technically valid vulnerabilities but have pre-requisites that are such that it is almost certain no users are impacted by them.

Currently we assign these a severity of LOW. Do we want to handle them differently?

Possible options:
- Don't issue CVEs for these
- New severity for "Lower than low" name TBD
- Something else?

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to