David "Pip" Pippenger

icon indicating a website link http://cisco.com icon indicating an email [email protected]

icon company Cisco icon location Pasadena, CA

Results 3 comments of David "Pip" Pippenger

Need CVE auto-linking disambiguation to CVEs that belong to more than 1 project

The github advisory database seems to be enforcing a 1:1 mapping of CVE ID to software project, see here https://github.com/github/advisory-database/pull/2868 The problem this creates is the NVD doesn't have this...

Latest release v0.13.0 has CVE-2020-14040 (score 7.5) from dependency golang.org/x/text v0.3.1

I would ask you reconsider your position. Having defects that are resolvable by upgrading components is generally good security practice. By rejecting these results simply because we can't figure out...

Deprecate Netty3 in Druid

It would help to have some clarification from the project maintainers what the plan is for netty3 since the included 3.10.6 is no longer maintained by the netty developers and...