I sadly have observed that CVEs are required on job postings for security roles. Publish or perish in another industry.
On Mon, Oct 27, 2025 at 11:29 AM Jeremy Stanley <[email protected]> wrote: > > On 2025-10-27 09:34:03 -0700 (-0700), Alan Coopersmith wrote: > [...] > >> The vendor was contacted early about this disclosure but did not > >> respond in any way. > [...] > > With the flood of dubious reports being submitted by anyone who can > thumb some words into an LLM prompt and not bother to check the > results for hallucinated nonsense, I've taken to ignoring or > summarily closing such submissions to projects I work on as not > worth my time to respond. This is probably yet another sign that the > CVE system needs an overhaul or it's going to get ignored when it > becomes as overwhelmed with "AI noise" as everything else (not > saying these reports were necessarily machine-generated, but it's > reaching the point where open source projects with limited resources > have no choice but to silently bin such nonsense to /dev/null). > -- > Jeremy Stanley -- - Andrew "lathama" Latham -
