Post B08DRB2yMzdPEaPUTA by eighthave@social.librem.one
2025-11-11T09:00:40Z
1 likes, 0 repeats
There is a danger to systems that automatically track CVEs. It's definitely good to automate tracking CVEs as much as possible. The danger comes when people do not understand what it means. The presence of a library version with a CVE is not a binary flag that something is insecure. Just as importantly, the lack of CVEs does not mean the code is secure.

Lots of coders want this to be a binary flag. The right way to think of this in binary terms is: did a maintainer review the #CVE?

#security #ux