I was recently interviewed by my friend Jack Wallen (whom I've known for 20 years as he actually coerced me to start writing for TechRepublic ages ago!). It was about a topic near and dear to my heart: CVSS (or Common Vulnerability Scoring System). With the explosion of security scanning vendors, particularly around containers, the reliance on and misunderstanding of CVSS have been a thorn in my side.
I don't often blog about challenges at work or in the security industry, but I had considered writing about CVSS and some deficiencies around it (I may yet still do so). When Jack reached out to Red Hat to be interviewed, I jumped at the opportunity because it's an important topic and because I could trust Jack not to twist or sensationalize what I had to say. =)
This is an important topic, irrespective of who is talking about it. There is so much wrong with the way CVSS is being used today.