If you can’t demonstrate an attack they will assume the issue isn’t exploitable.
Absolutely. Theory doesn’t always equal reality. The security guys submitting CVE’s to pad their resumes should absolutely be required to submit a working exploit. If they can’t then they’re just making needless noise
Absolutely. Theory doesn’t always equal reality. The security guys submitting CVE’s to pad their resumes should absolutely be required to submit a working exploit. If they can’t then they’re just making needless noise