Non-determinism is an issue with patching CVEs

15 points by mathewpregasen 37 minutes ago

There has been so much discussion about the increase of volume in CVEs. I love that it's super apparent from looking at that graph of CVEs by year, there is a noticeable bend in the slope upward in the 2026 plot. It's not just hype, the rate of CVEs is changing faster than prior years.

tptacek - 24 minutes ago

Reads kind of sales-pitchy. Every day we see another actively exploited Linux LPE; have you thought about your SBOM today?

ronef - 8 minutes ago

I feel we should definitely be digging way beyond the SBOM... but also wondering if the forecasting in the general ecosystem is on point or not.
- ronef - 7 minutes ago
  
  I.e. is this overhyped?

LoganDark - 25 minutes ago

That is not the title of the article:

> Achieving CVE Remediation in an Era of Escalating Vulnerabilities