Recent searches
Search options
The #Linux #kernel's #CVE team just published their thousandth CVE[1]. 
This happened 78 days after the effort was announced[2].
Note, 26 of the 1003 CVE entries published so far were later rejected. For details check https://git.kernel.org/pub/scm/linux/security/vulns.git/ or https://lore.kernel.org/linux-cve-announce/
[2] http://www.kroah.com/log/blog/2024/02/13/linux-is-a-cna/ #LinuxKernel
@kernellogger Well, some of those 1000 have been rejected, here's the current stats that anyone can check for themselves in our public git repo by running `scripts/summary` so you don't have to hack up fun `find | wc` chains like you did:
Year Reserved Assigned Rejected Total
2019: 47 2 1 50
2020: 37 13 0 50
2021: 39 304 7 350
2022: 7 43 0 50
2023: 60 180 10 250
2024: 107 435 8 550
Total: 297 977 26 1300
Anything older than 2023 is us back-filling in from the GSD database, and we still have a long way to go for there. Some 2023 ones are in there too from GSD, but mostly not, all of 2024 is since we took over being a CNA.
Year Reserved Assigned Rejected Total
2019: 47 2 1 50
2020: 37 13 0 50
2021: 39 304 7 350
2022: 7 43 0 50
2023: 60 180 10 250
2024: 107 435 8 550
Total: 297 977 26 1300
Anything older than 2023 is us back-filling in from the GSD database, and we still have a long way to go for there. Some 2023 ones are in there too from GSD, but mostly not, all of 2024 is since we took over being a CNA.
Thx for the additional details (but FWIW, seems you missed that the toot already had mentioned that 26 were rejected 
whatever, easy to miss).
And thx for all your work, too!
@kernellogger @gregkh I was also thinking "But, rejected..." at first, but I soon realized that the rejected CVEs are also a result of the CNA's effort, and therefore should be counted. I also appreciate the CNA's efforts!