And then they submit them to a CNA and get a CVE assigned, and then _everyone_ needs to deal with the not-actually-a-vulnerability report, especially when the not-actually-triggerable-DOS gets assigned a "Critical" CVSS score from EUVD or NVD.
And then they submit them to a CNA and get a CVE assigned, and then _everyone_ needs to deal with the not-actually-a-vulnerability report, especially when the not-actually-triggerable-DOS gets assigned a "Critical" CVSS score from EUVD or NVD.