• @[email protected]
    link
    fedilink
    766 months ago

    While many of the CVEs are filed in good faith by responsible researchers and represent credible security vulnerabilities, a recently growing pattern involves newbie security enthusiasts and bug bounty hunters ostensibly “collecting” CVEs to enrich their resume rather than reporting security bugs that constitute real-world, practical impact from exploitation.

    Oh, this is once again HR’s fault