{
  "@context":[
    "https://www.w3.org/ns/activitystreams",
    {"Hashtag":"as:Hashtag"}
  ],
  "published":"2024-07-02T00:28:43.188Z",
  "attributedTo":"https://gopinath.org/actors/rahul",
  "replies":"https://gopinath.org/objects/9feu29yUukc/replies",
  "to":["https://www.w3.org/ns/activitystreams#Public"],
  "cc":["https://gopinath.org/actors/rahul/followers"],
  "content":"<p>I have posted about a related issue <a href=\"https://gopinath.org/objects/HliF7pFtRVw\">before</a>, but it seems that it is time to take a harder look at using CVEs as the touchstone for effectiveness of security tools. It has <a href=\"https://www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/\">become far too easy</a> to produce CVEs (even high severity ones) because there is limited oversight in the whole process. If you are a security researcher wondering how to evaluate your tool, <a href=\"https://rahul.gopinath.org/publications/2023/04/26/systematic/\">please consider using Mutation Analysis as the metric</a>. It is a well researched technique that can reliably show how your tool performs, and provide you insights with where you can improve.</p>",
  "mediaType":"text/html",
  "attachment":[],
  "type":"Note",
  "id":"https://gopinath.org/objects/9feu29yUukc"
}