There is some drivel on OSS security about CVEs: http://openwall.com/lists/oss-security/2016/03/04/4 I have trolled on numerous occasions that CVE and mitre suck much, e.g. a post from 2006: http://seclists.org/fulldisclosure/2006/Jan/259