

Actively encouraging people to toss perfectly good hardware to fuel their subscription bullshit… and these guys weren’t even recently bought by a VC firm or anything?
As you yourself stated, CVSS does exactly what it says on the box. It provides a singular rating for a software vulnerability, in a vacuum. It does not prescribe to do anything more, and it does a good job doing what it sets out to do (including specifically as an input to other quantitative risk calculations).
Compare what with attack?
Your methodology heavily relies on “the analysis of cybersecurity experts”, and in particular, frequently references “exploit chains”, mappings which are not clearly defined, and appears to rely on the knowledge of the individual practitioner, rather than existing open frameworks. MITRE ATT&CK and CAPEC already provide such a mapping, as well as a list of threat actor groups leveraging tactics, techniques, and procedures (e.g., exploitation of a given CVE). Here’s a good article which maps similarly to how we operate our cybersecurity program.
I think there is a lot on the mark in your article about the issues with cybersecurity today, but again, I believe that your premise that CVSS needs replacing is flawed, and I don’t think you provided a compelling case to demonstrate how/why it is flawed. If anything, I think you would agree that if organizations are exclusively using CVSS scores to prioritize remediation, they’re doing it wrong, and fighting an impossible battle. But this means the organization’s approach is wrong, not CVSS itself.
Your article stands better alone as a proposal for a methodology for quantifying risk and threat to an organization (or society?), rather than as a takedown of CVSS.
Glancing through your article, while you have correctly assessed the need for risk based prioritization of vulnerability remediation and mitigation, your central premise is flawed.
Vulnerability is not threat— CVSS is a scoring system for individual vulnerabilities, not exploit chains. For that, you’ll want to compare with ATT&CK or the legacy cyber kill chain.
Saying “Integrates with OpenAI” in 2023 is exactly equivalent to saying “uses Web 2.0” from 20 years ago. Buzzword trash that says absolutely nothing about how the product uses said technology.
That’s a gauss gun, not a railgun. Still cool, though.
No, that sounds like adaptive brightness, HDR is more like localized brightness overdrive, particularly in gaming and film.
AutoHDR is only available in Windows 11. Granted, HDR uptake on PC monitors has been abysmal, it’s a great feature for the few that might use it.
While I appreciate this, there were far too many questions, which were pretty technical for a layperson. And even after picking the most basic options, I was still presented with like six variants of Ubuntu, including Mint and Elementary.
How about something like:
While I get the sentiment, historically, readmes have been text only, and should predominately focus on usage options, not a sales pitch. Today in GitHub, these files support markdown, but the level of effort is probably two orders of magnitude higher than a text readme alone.
Think of a readme file on GitHub/distributed with the binary more as a man page than a proper website.
I can understand Teams in Office, particularly O365 for organizations… what I don’t get is Teams being mandatory in Windows 11…
If you think you can stop using products of companies whose executives support the Republican Party, you’re quickly going to find yourself in the Stone Age.
Nearly every corporate executive, for nearly every company, is likely to be a Republican.
Even Tim Cook, an outspoken homosexual who has previously been the target of Trump-led MAGA vitriol, just recently expressed support and donated a million dollars to Trump.
People will just posture and harumph, yet keep buying Samsung, Google, and Apple cell phones, or use Enfamil baby formula, or eat meat and vegetables grown using John Deere and Monsanto products…
I could go on, but there is no need to depress myself.