Re: [openssl-users] Vulnerability Disclosures

2015-07-12 Thread Richard Moore
On 12 July 2015 at 03:31, Salz, Rich wrote:
> I'd be concerned about doing that. While this one seemed pretty rare -- only folks running a release less than 30 days old in production -- as a general rule, it's impossible to tell. For example, we THINK that PSK isn't used much, but we have

Re: [openssl-users] Vulnerability Disclosures

2015-07-11 Thread Salz, Rich
> I wanted to suggest that when notifying of new vulnerabilities, in addition to the severity level, information is also provided about how widespread the issue is expected to be.

I'd be concerned about doing that. While this one seemed pretty rare -- only folks running a release less tha

Re: [openssl-users] Vulnerability Disclosures

2015-07-11 Thread Jeffrey Walton
> I wanted to suggest that when notifying of new vulnerabilities, in addition to the severity level, information is also provided about how widespread the issue is expected to be.
>
> For example, the statement might say "this high severity bug is expected to affect around 70% of cases", o

[openssl-users] Vulnerability Disclosures

2015-07-10 Thread James Billingham
Hi, I apologize if this is the wrong place for this email - it seemed to be the most suitable of the mailing lists. I wanted to suggest that when notifying of new vulnerabilities, in addition to the severity level, information is also provided about how widespread the issue is expected to be.