Comment by goalieca

Comment by goalieca 13 hours ago

0 replies

View on Hacker News

I’d estimate the vast majority of CVEs in third party source are not directly or indirectly exploitable. The CVSS scoring system assumes the worst case scenario the module is deployed in. We still have no good way to automate adjusting the score or even just figuring false positive.