It’s time to rethink the pivotal role incentives play in shaping behavior to find and disclose software vulnerabilities. More accurate guidance to reflect real-world risks and a tiered verification process to establish potential impact could slow misleading submissions.

The post Dark Reading: Why CVEs Are an Incentives Problem appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

*** This is a Security Bloggers Network syndicated blog from Eclypsium | Supply Chain Security for the Modern Enterprise authored by Paul Asadoorian. Read the original post at: https://eclypsium.com/news/dark-reading-why-cves-are-an-incentives-problem/