• lightnegative@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    arrow-down
    1
    ·
    8 months ago

    If you can’t demonstrate an attack they will assume the issue isn’t exploitable.

    Absolutely. Theory doesn’t always equal reality. The security guys submitting CVE’s to pad their resumes should absolutely be required to submit a working exploit. If they can’t then they’re just making needless noise