Here is the thing. Everybody, including attackers, is too overwhelmed with the boring variety of CVEs and unable to even think about the more interesting kind.
As soon as we make people stop generating those boring ones by the millions, our days will be way more interesting while we find and fix more complex CVEs. But anyway, those will also be way more common on C and C++ code than most other languages (maybe with an exception for JS).
EDIT: Oh, nevermind. I’ve forgotten that it’s using CVSS, which has a tendency to really overestimate the risk, so almost everyting is CCVE according to them :D
Here is the thing. Everybody, including attackers, is too overwhelmed with the boring variety of CVEs and unable to even think about the more interesting kind.
As soon as we make people stop generating those boring ones by the millions, our days will be way more interesting while we find and fix more complex CVEs. But anyway, those will also be way more common on C and C++ code than most other languages (maybe with an exception for JS).
We can call them CCVE’s! Critical CVE’s.
EDIT: Oh, nevermind. I’ve forgotten that it’s using CVSS, which has a tendency to really overestimate the risk, so almost everyting is CCVE according to them :D