daniel:// stenberg:// • 2 months ago • Working on a new graph. Total severity distribution in #curl vulnerability reports
BenBE in reply to daniel:// stenberg:// • 2 months ago • What would this look like with the 4 categories separate?
daniel:// stenberg:// in reply to BenBE • 2 months ago • @benbe good call. I'll show all four of them separately...
Florian Schmidt in reply to daniel:// stenberg:// • 2 months ago • One question for my understanding: Are these all coded by the CVSS 3.0 formula, or is there a change to 4.0 within the graph?
daniel:// stenberg:// in reply to Florian Schmidt • 2 months ago • @schmidt_fu neither, this is the curl security team's severity classification. We don't do anything else
Florian Schmidt in reply to daniel:// stenberg:// • 2 months ago • Thank you, I'm just learning about these differences. How do you assign those numbers?
daniel:// stenberg:// in reply to Florian Schmidt • 2 months ago • @schmidt_fu we don't use numbers. We use low, medium, high and critical only: curl.se/dev/vuln-disclosure.ht… (curl - Vulnerability Disclosure Policy, curl.se)
Florian Schmidt in reply to daniel:// stenberg:// • 2 months ago • That sounds reasonable and explains a lot more than I could ask, thanks again!
Maxime Thiebaut in reply to daniel:// stenberg:// • 2 months ago • For reported or confirmed vulnerabilities?
daniel:// stenberg:// in reply to Maxime Thiebaut • 2 months ago • @0xThiebaut confirmed, we don't care about the rest
Stefan Eissing in reply to daniel:// stenberg:// • 2 months ago • this *might* look to the casual viewer as if we have had 20% of the CVEs this year as high/critical. I know you count the total accumulated.
daniel:// stenberg:// in reply to Stefan Eissing • 2 months ago • @icing I tweaked the title a little to maybe help understanding
daniel:// stenberg:// in reply to daniel:// stenberg:// • 2 months ago • Okay, split into the proper distinct severity levels it looks a little funkier:
daniel:// stenberg:// in reply to daniel:// stenberg:// • 2 months ago • when smoothed out, almost a work of art
mhoye in reply to daniel:// stenberg:// • 2 months ago • flag of curl nation.
daniel:// stenberg:// in reply to daniel:// stenberg:// • 2 months ago • I'm not a graphaholic, I can stop whenever I want 😎
bert hubert 🇺🇦🇪🇺🇺🇦 in reply to daniel:// stenberg:// • 2 months ago • same
daniel:// stenberg:// in reply to bert hubert 🇺🇦🇪🇺🇺🇦 • 2 months ago • @bert_hubert curl.se/dashboard.html (curl - Project status dashboard, curl.se)
bert hubert 🇺🇦🇪🇺🇺🇦 in reply to daniel:// stenberg:// • 2 months ago • I'm clearly outclassed here
Jake Hildreth (acorn) in reply to daniel:// stenberg:// • 2 months ago • @bert_hubert 😍
Julien / Sphinx in reply to daniel:// stenberg:// • 2 months ago • is there a 'number of graphs produced over time' graph?
daniel:// stenberg:// in reply to Julien / Sphinx • 2 months ago • @Sphinx_Pouet of course!
Jak2k 🇪🇺 in reply to daniel:// stenberg:// • 2 months ago • You should never ever be let near a Grafana. I already spend too much time creating dashboards. I can't imagine how many charts you would create in it.
tehfishman in reply to daniel:// stenberg:// • 2 months ago • what does total volume over time look like? High/critical reports are down as a percentage, but is the total volume down as well?
daniel:// stenberg:// in reply to tehfishman • 2 months ago • @tehfishman this shows distribution among all reports accumulated. That is an ever increasing amount.
linus in reply to daniel:// stenberg:// • 2 months ago • what happened in 2014?
daniel:// stenberg:// in reply to linus • 2 months ago • @linus we hadn't gotten that many reports before that and they were almost all quite serious. Then in 2014 we got a whole bunch of medium-rated ones and only one high
Martin in reply to daniel:// stenberg:// • 2 months ago • Before 2006 you didn't differentiate and therefore show all as critical?
daniel:// stenberg:// in reply to Martin • 2 months ago • @martin until 2006 all reports we got were actually deemed critical. There were very few
Oxyte in reply to daniel:// stenberg:// • 2 months ago • I like this one! Looks like the skyline of a smaller city against a crimson sunset.