Why Critical Vulnerabilities Do Not Get Reported In The CVE/NVD Databases And How Organisations Can Mitigate The Risks
A failure to report high-severity vulnerabilities often happens with open-source projects — vulnerabilities are discovered, disclosed to relevant parties and (hopefully) fixed without anyone filing a CVE request. It usually boils down to a lack of awareness or is viewed as overly burdensome to submit the CVE request. In 2017, around 7,000 CVE-IDs assigned by […]
