{"id":31674,"date":"2019-11-07T08:07:05","date_gmt":"2019-11-07T08:07:05","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why\/"},"modified":"2019-11-07T08:07:05","modified_gmt":"2019-11-07T08:07:05","slug":"were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why\/","title":{"rendered":"We&#8217;re almost into the third decade of the 21st century and we&#8217;re still grading security bugs out of 10 like kids. Why?"},"content":{"rendered":"<p><strong class=\"trailer\">Disclosure<\/strong> The way we rate the severity of computer security vulnerabilities and bugs needs to change if people and businesses want to be better protected from malware and cyber-crime.<\/p>\n<p>So says Marc Rogers, executive director of cybersecurity at Okta and head of security at the world&#8217;s biggest hacking conference DEF CON.<\/p>\n<p>Speaking to <em>The Register<\/em> at Okta&#8217;s Disclosure conference in San Francisco this week, Rogers reckoned today&#8217;s methods of scoring and classifying security vulnerabilities reflects a dated system that didn&#8217;t take into account the way that modern attackers operate.<\/p>\n<p>&#8220;The challenge is the whole vulnerability management space has been evolving,&#8221; Rogers said, &#8220;but it is being outpaced by the evolution of how we leverage attacks.&#8221;<\/p>\n<p>In particular, Rogers said, approaches such as the <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/nvd.nist.gov\/vuln-metrics\/cvss\/v3-calculator\">CVSS scoring system<\/a> led to an overemphasis on specific qualities of single vulnerabilities in isolation, and ignored the wider context, threat model, and potential for miscreants to exploit security weaknesses in a chain to cause unexpected damage. The old system of scoring security blunders from 0 (benign) to 10 (really bad) with various flags (eg, remotely or locally exploitable) just isn&#8217;t going to cut it, in other words.<\/p>\n<p>For example, while a business would, ideally, swiftly patch a remote-code execution flaw that has a high CVSS score, lower-scored bugs, such as elevation-of-privilege and information-disclosure holes, might not be treated as a priority.<\/p>\n<p>And yet hackers could, for instance, exploit a data-leak vulnerability to obtain enough information to log into a system, and then exploit the privilege escalation flaw to fully hijack that box. Thus, the two low-scoring bugs could wind up as bad if not worse than the scary remote-code execution flaw, and yet may not be seen as a priority due to their CVSS rating.<\/p>\n<p>&#8220;It is complex, but there is nothing in the assessment process to deal with that,&#8221; Rogers said. &#8220;It has lulled us into a false sense of security where we look at the score, and so long as it is low we don&#8217;t allocate the resources.&#8221;<\/p>\n<p>Then there is the context of a bug. Rogers noted that, for example, a vulnerability that lets an attacker print text on a screen would barely move the needle in terms of a CVSS score. If that bug were to be exploited on, say, an in-flight entertainment screen or police signage, a scumbag could spark panic and chaos on a par with any simple system takeover.<\/p>\n<div class=\"promo_article\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2015\/12\/10\/katie_moussouris.jpg?x=174&amp;y=115&amp;crop=1\" width=\"174\" height=\"115\" alt=\"bugs\"><\/p>\n<h2 title=\"Katie Moussouris speaks out on modern-day flaw finding and infosec jobs\">Before you high-five yourselves for setting up that bug bounty, you&#8217;ve got the staff in place to actually deal with security, right?<\/h2>\n<p><a href=\"https:\/\/www.theregister.co.uk\/2019\/11\/06\/disclosure_bug_bounties\/\"><span>READ MORE<\/span><\/a><\/div>\n<p>There are also cases where seemingly harmless or esoteric bugs become big headaches once hackers find creative uses for them. Rogers pointed to the <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/www.theregister.co.uk\/2015\/03\/10\/rowhammer\/\">Rowhammer attack<\/a>, in which malware can alter data in memory that should be out of reach, as one such example. Flipping one or two bits in RAM doesn&#8217;t sound too destructive \u2013 until you flip just the right bits in kernel memory to gain root privileges.<\/p>\n<p>&#8220;Just because a bug only allows you to do one small function, you don&#8217;t think about what the implications are,&#8221; Rogers said. &#8220;If you had assessed it based on just flipping bits, you would have thought it was just a physical vulnerability.&#8221;<\/p>\n<p>While a solution will be hard to come by, Rogers believes the first step will be to take a wider view of how we classify vulnerabilities. Rather than simply look at the immediate results of an exploit, he sees the need to take into account what that exploit could mean for the rest of the system.<\/p>\n<p>To do that, infosec staff will need to broaden their horizons and reach out to other communities.<\/p>\n<p>&#8220;That kind of assessment requires intelligence from the system builder or operator to add that context,&#8221; Rogers explained. &#8220;We need to come up with a more dynamic process that takes in the CVSS score, but also factors in knowledge from the system.&#8221; \u00ae<\/p>\n<p class=\"wptl btm\"><span>Sponsored:<\/span> <a href=\"https:\/\/go.theregister.co.uk\/tl\/1858\/-7813\/how-to-get-more-from-microstrategy-by-optimising-your-data-stack?td=wptl1858\">How to get more from MicroStrategy by optimising your data stack<\/a><\/p>\n<p>READ MORE <a href=\"https:\/\/go.theregister.co.uk\/feed\/www.theregister.co.uk\/2019\/11\/07\/disclosure_marc_rogers\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Infosec veteran Marc Rogers on why we need a better system to rate vulnerabilities Disclosure\u00a0 The way we rate the severity of computer security vulnerabilities and bugs needs to change if people and businesses want to be better protected from malware and cyber-crime.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":31675,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-31674","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>We&#039;re almost into the third decade of the 21st century and we&#039;re still grading security bugs out of 10 like kids. Why? 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"We&#039;re almost into the third decade of the 21st century and we&#039;re still grading security bugs out of 10 like kids. Why? 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2019-11-07T08:07:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/11\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"174\" \/>\n\t<meta property=\"og:image:height\" content=\"115\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"We&#8217;re almost into the third decade of the 21st century and we&#8217;re still grading security bugs out of 10 like kids. Why?\",\"datePublished\":\"2019-11-07T08:07:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why\\\/\"},\"wordCount\":695,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why.jpg\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why\\\/\",\"name\":\"We're almost into the third decade of the 21st century and we're still grading security bugs out of 10 like kids. Why? 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why.jpg\",\"datePublished\":\"2019-11-07T08:07:05+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why.jpg\",\"width\":174,\"height\":115},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"We&#8217;re almost into the third decade of the 21st century and we&#8217;re still grading security bugs out of 10 like kids. Why?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"We're almost into the third decade of the 21st century and we're still grading security bugs out of 10 like kids. Why? 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why\/","og_locale":"en_US","og_type":"article","og_title":"We're almost into the third decade of the 21st century and we're still grading security bugs out of 10 like kids. Why? 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2019-11-07T08:07:05+00:00","og_image":[{"width":174,"height":115,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/11\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"We&#8217;re almost into the third decade of the 21st century and we&#8217;re still grading security bugs out of 10 like kids. Why?","datePublished":"2019-11-07T08:07:05+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why\/"},"wordCount":695,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/11\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why.jpg","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why\/","url":"https:\/\/www.threatshub.org\/blog\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why\/","name":"We're almost into the third decade of the 21st century and we're still grading security bugs out of 10 like kids. Why? 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/11\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why.jpg","datePublished":"2019-11-07T08:07:05+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/11\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/11\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why.jpg","width":174,"height":115},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/were-almost-into-the-third-decade-of-the-21st-century-and-were-still-grading-security-bugs-out-of-10-like-kids-why\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"We&#8217;re almost into the third decade of the 21st century and we&#8217;re still grading security bugs out of 10 like kids. Why?"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/31674","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=31674"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/31674\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/31675"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=31674"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=31674"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=31674"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}