logoalt Hacker News

kbumsiktoday at 1:44 AM2 repliesview on HN

Why own numbering instead of CVE?


Replies

vngzstoday at 1:50 AM

It lets organizations (Tailscale) control the timing and narrative around the disclosure more directly. Organizations sometimes avoid the bureaucracy of going through CVE Numbering Authorities by self-publishing. Often a CVE assignment follows self-disclosure, especially when there's pressure to interoperate with vuln-scanning/compliance tooling

show 1 reply
wereHamstertoday at 4:53 AM

Some reasons why an org might want to become their own CNA: https://daniel.haxx.se/blog/2024/01/16/curl-is-a-cna/