Trying to capture cost per vulnerability patched and why I don’t believe it’s a good idea

This post is part experiment, part memorializing a short conversation I had with Sasha Romanosky (one of the creators of CVSS). I have more thoughts on the subject of the thread which I may expand on here or on Mastodon sometime in the future.

The experiment is how well I can integrate Mastodon micro-blogging with my fledgling WordPress site. I also want to memorialize the conversation since I’ve set my Mastodon posts to self-destruct after a relatively short period of time.