
Unfortunately, Security Advisories are formatted according to the Vendor's will and needs.

Some vendors give you a lot of details, some are very obscure.

There is a need for a "standard" Security Advisory, on the same basis that there is a "standard" emerging from Responsible Disclosure.



The standard needs a few things like:

* Easy, unambiguous way of determining whether you're affected

* What the risks are for each condition (have an AMT-ready CPU, have AMT enabled, etc.)

* Which patches fix which risks

And more. This will require some thought, and hopefully some UX people.


What about the CVE?



