You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
(more generally I think that the problem is that OSV consumers can be a bit overzealous in that everything is treated as "vulnerability" without vetting anything. Maybe there should be a way to say that some entries are generated based on automated tools and should be vetted. If they are confirmed by maintainers consumers can be confident that entries are vulnerabilities. I proposed "confidence" in another context google/osv.dev#918 but it can probably be applied here)
(more generally I think that the problem is that OSV consumers can be a bit overzealous in that everything is treated as "vulnerability" without vetting anything. Maybe there should be a way to say that some entries are generated based on automated tools and should be vetted. If they are confirmed by maintainers consumers can be confident that entries are vulnerabilities. I proposed "confidence" in another context google/osv.dev#918 but it can probably be applied here)
Originally posted by @evverx in google/osv.dev#2176 (comment)
The text was updated successfully, but these errors were encountered: