I’ll not speak on the side of potential bad, but I will talk on what I see as good about these teams being CNA’d. The entire policy chain depends on them, and requires them to do their work, which makes it easy to point at as a team and say “one of our core values is making that CVE list trustable” instead of it being used to hide reports.
2 comments
[ 3.1 ms ] story [ 18.0 ms ] thread