You manage the system and not the CVEs themselves. The simplist thing would be a list of numbers that correspond to Google docs. The owner of the Google doc can share it with the needed parties and eventually set it as public.
You truly believe that the CVE database (and others like CWE) are only about assigning serial numbers to random reports, don't you? I see people underestimating and understanding the work of others in matters like this. Is that a trend now?
I saw this same behavior quite a while back. While I'm out of the CVE game these days, it seems that there is a forever rotating new group of people who simply don't and can never see the complexities on the process.
I think it's a testament to the previous stewardship that it appears so simple.
No I don't believe that, but it might as well operate like that. The extra stuff isn't truly needed and was being outsourced to the companies that own the products since it wasn't providing much value. Take a look at Daniel's blog posts about CVEs for curl for what happens when you let them handle it.
Grok becoming an artificial nepobaby running the entire CVE program with zero oversight sounds so fucking funny I don't even care, PLEASE god make this real holy shit I can't breathe at the thought
