Post from 2026-04-02 12:28:17

1) "people will finally understand that security bugs are bugs" - Tautology?
2) "the only sane way to stay safe is to periodically update" - What about attack surface reduction? Risk-based mitigations? How does this assertion relate to 1)?
3) "without focusing on 'CVE-xxx'" - CVEs are useful to find information to implement appropriate controls (see 2)). Unless, of course, the CNA spams the database with useless data...