logoalt Hacker News

vngzstoday at 1:50 AM1 replyview on HN

It lets organizations (Tailscale) control the timing and narrative around the disclosure more directly. Organizations sometimes avoid the bureaucracy of going through CVE Numbering Authorities by self-publishing. Often a CVE assignment follows self-disclosure, especially when there's pressure to interoperate with vuln-scanning/compliance tooling


Replies

bigfatkittentoday at 2:43 AM

And sometimes it’s just impossible to get a CVE number in a reasonable amount of time, or indeed at all.