Use of vulnerabilities with CVSS 10 to advertise patch update


I don’t think this a reasonable way to advertise for a new version, especially for a patch update that brings a minor functionality:

Overrides are a workaround but they need to be deployed individually on each instance of GVM you may have.
In my opinion to use vulnerabilities and CVSS for a this purpose reflects quite badly on the seriousness of a security product.

You miss that your Engine can not find all vulnerabilities and there for is a huge false negative risk. Therefor this shows that you need to scan with a up to date engine.

1 Like