| ▲ | vngzs 4 hours ago | |
It lets organizations (Tailscale) control the timing and narrative around the disclosure more directly. Organizations sometimes avoid the bureaucracy of going through CVE Numbering Authorities by self-publishing. Often a CVE assignment follows self-disclosure, especially when there's pressure to interoperate with vuln-scanning/compliance tooling | ||
| ▲ | bigfatkitten 3 hours ago | parent [-] | |
And sometimes it’s just impossible to get a CVE number in a reasonable amount of time, or indeed at all. | ||