I'm removing the Availability part of the security triad.
Uptime is simply not as important as integrity or confidentiality.
DoS does not deserve to be considered a Major Cyber Risk; it should never receive a CVE above 2.
By the existing logic, GET requests remain the single most critical widely used DDoS exploit that has prevailed for 50 years with regular news headline coverage.
If availability is important to you, then set up an HA cluster and monitor it closely. Or better yet, set up an open-source contribution department or a development fund and fix these issues yourself.
Too many critical security alerts are clogged up by theoretical DoS methods that already require someone to be in the network.
It simply doesn't deserve to be the same.
#security #oss #cve