• Godort
    link
    fedilink
    arrow-up
    83
    arrow-down
    2
    ·
    5 months ago

    While many of the CVEs are filed in good faith by responsible researchers and represent credible security vulnerabilities, a recently growing pattern involves newbie security enthusiasts and bug bounty hunters ostensibly “collecting” CVEs to enrich their resume rather than reporting security bugs that constitute real-world, practical impact from exploitation.

    Oh, this is once again HR’s fault