[$] CVE-less vulnerabilities
More bugs in free software are being found these days, which is good for many reasons, but there are some possible downsides to that as well. In addition, projects like OSS-Fuzz are finding lots of bugs in an automated fashion, many of which may be security relevant. The sheer number of bugs being reported is overwhelming many (most?) free-software projects, which simply do not have enough eyeballs to fix, or even triage, many of the reports they receive. A discussion about that is currently playing out on the oss-security mailing list.