Nah, "removing CNA" = "let any security researcher decide what kernel vulnerability is"
And unfortunately, there are plenty of security researchers who are only interested in personal CVE counts, and will try to assign highest priority to a mostly harmless bug.
alt Hacker News
Nah, "removing CNA" = "let any security researcher decide what kernel vulnerability is"
And unfortunately, there are plenty of security researchers who are only interested in personal CVE counts, and will try to assign highest priority to a mostly harmless bug.