Windows Security Boundaries: The Document That Decides What Gets a CVE
Microsoft maintains a single public document that decides which Windows vulnerability reports receive a CVE, a Patch Tuesday bulletin, and a bounty payout. Here is how to read it.