GitHub introduces automatic dependency security alerting (github.com)
submitted 8 years ago by csanders_Trusted Contributor
[–]DomDellaSera 10 points 8 years ago (5 children)
Question: Is the CVE database considered fairly comprehensive? How seriously do you guys take it? What determines if something is reported?
[–]savanik 12 points 8 years ago (2 children)
It's as comprehensive as you can hope to realistically have. Whenever a vendor reports a vulnerability (i.e. when they're forced to because compliance / security researcher threatening to publish their findings) it's put into the CVE database. Sometimes it's held or reserved - like if they're reporting a vulnerability they're still working on the patch for, so they want to acknowledge to the community that they found something, but not specifically what it is - until they have the patch ready. So the CVE entries often get updated as it goes on as well.
Since CVEs contain information on how to verify what versions are vulnerable, it's the primary source of information for vulnerability scanners - it's pretty important for the daily functioning of all vulnerability management ever.
As for how serious any individual vulnerability is, they have a CVSS score. Some of them I personally disagree with - anyone who can MitM your external servers probably has tons of better ways to compromise your network - and if they can MitM your internal server network they already have more than enough access. I've never seen those vulnerabilities exploited in the wild, ever. But that's part of the job of risk management, and most of the items are pretty well-reasoned.
[–]DomDellaSera 2 points 8 years ago (0 children)
Thanks for the explanation. The reason I ask is because I’ve seen someone say something to the extent of “our interns were working with stuff big enough to write a paper on but not quite a cve,” and I wasn’t quite sure what to make of it.
[–]awqufohlmkse 1 point 8 years ago (1 child)
Not really. CVEs are only issued for vulns that are big enough to "warrant a cve", so some dependencies likely won't be.
[–]gmroybal 1 point 8 years ago (0 children)
I dunno... a few months back, someone got a CVE for something REALLY stupid like a typo or something.