That's what I'd expect if I see a project with no commits in 2 years. Not 2 days.

There's a ton of perfectly usable 2-year-old software.

I suspect that CVE inflation has poisoned the minds of many developers.

A db driver may have an issue with unsanitized user input when run against SQLite, but you only use it with Oracle and sanitize input anyway, but that shows up as a 9.1 critical deployment blocker for corporate employees.

Unexploitable CVEs with inflated ratings make using any open source software a pain in the butt at BigCo.

Old does not mean vulnerable.