alt Hacker News“No evidence of exploitation” is a pretty bog standard report I think? Made on Christmas Eve no less.
Do other CVE reports come with more strong statements? I’m not sure they do. But maybe you can provide some counter examples that meet your bar.
Replies
perching_aix • today at 4:23 AM
It's not really my bar, I just explored this on behalf of the person you were replying to because I found it mildly interesting.
It is also a pretty standard response indeed. But now that it was highlighted, maybe it does deserve some scrutiny? Or is saying silly, possibly misleading things okay if that's what everyone has always been doing?
> "No evidence of exploitation” is a pretty bog standard report
It is standard, yes. The problem with it as a statement is that it's true even if you've collected exactly zero evidence. I can say I don't have evidence of anyone being exploited, and it's definitely true.