[$] CVE-less vulnerabilities

More bugs in free software are being found these days, which is good for
many reasons, but there are some possible downsides to that as well. In
addition, projects like OSS-Fuzz are
finding lots of bugs in an automated fashion—many of which may be security
relevant. The sheer number of bugs being reported is overwhelming many
(most?) free-software projects, which simply do not have enough eyeballs to
fix, or even triage, many of the reports they receive. A discussion about
that is currently playing out on the oss-security mailing list.