Open Doctor-love opened 7 months ago
more on bogus CVEs including now trending LLM-generated CVEs spamming project maintainers:

* https://github.com/vin01/bogus-cves/
* [bogus CVE claimed on this project jfree/jfreechart#396](https://github.com/jfree/jfreechart/issues/396)
Thanks - nice resource you've compiled!
The course takes up the problem with some vendors being their own CNA and at the same time being reluctant to assign CVEs to vulns, thereby stalling the disclosure/mitigation process. There is, however, also the opposite problem, as brought up by @bagder, with bogus vulnerabilities being assigned CVEs for the cURL project without proper investigation. Make sure to include a slide about this before the next course round.