@marzlberger That reminds me of the complaint that security researchers are CVE-Spamming Linux:

https://news.risky.biz/risky-biz-news-the-linux-cna-mess/

EDIT: and that the Linux CNA doesn’t make that better, but rather churns out CVEs. Sadly I don’t find the article anymore which described that having found CVEs can be important for payment of security researchers, so the flaw goes deeper than just to Linux. It rather points to a problem of performance metrics: https://www.draketo.de/english/science/quality-assurance

@christian @j_r @willyneuhaus