kurtseifried
commented
1 year ago So this is for handling community outreach, if you want to discuss how to count CVE's that is out of scope for GSD, and the place for that would be that twitter thread, thanks!
This is for community out reach (as per the tag)
https://twitter.com/dawiddczarnecki/status/1683108480746389506
Dawid Czarnecki @dawiddczarnecki Imagine you have a web application that is vulnerable to SQLi. It can be exploited on 3 different pages. To patch it, developers need to fix one line of code. Is it one vulnerability or three? Explain your reasons.