ZH version is available. Content is displayed in original English for accuracy.
Advertisement
Advertisement
⚡ Community Insights
Discussion Sentiment
67% Positive
Analyzed from 107 words in the discussion.
Trending Topics
#vuln#explicit#wanted#discovered#don#reasonable#policy#resolution#glad#mitre
Discussion (1 Comments)Read Original on HackerNews
Daniel refrains from making explicit their speculation as to why the reporting party wanted the CVE assigned. I'll try to make it explicit:
The reporter wanted the credit for having discovered a security issue in Curl, they probably don't have many accolades, so this would look great on their resume, blog, linkedin or twitter.
It's also deducible that they don't have the skills to find another vuln of the same or higher severity, otherwise they would have spent effort doing that instead of trying to push the one vuln they discovered. So the vuln was found either with AI, or by chance as a user.
It's like a reputational beg bounty, a topic which Stenberg has previously covered a lot since AI caused an influx of low quality reports.