One of my fav graphs of #curl improvement in recent years, is the one showing vulnerabilities reported separated between low/medium and high/critical.
The report frequency has gone up, but they are less critical these days.
⇧
daniel:// stenberg://
in reply to daniel:// stenberg:// • • •long term improvements is super hard to confirm since the average age a security problem has existed once reported is still around eight years.
So after eight years or so we start to get a picture if we have indeed improved.
daniel:// stenberg://
in reply to daniel:// stenberg:// • • •Kal Feher
in reply to daniel:// stenberg:// • • •Lori Olson
in reply to daniel:// stenberg:// • • •Peter Bindels
in reply to daniel:// stenberg:// • • •Can you compare the graph of knowledge over time? IE, if you take now and looking back X years, and compare that to a year ago, looking back X years, does the graph change shape?
If you're improving it should be flatter now (since there were fewer security issues to be fixed).
daniel:// stenberg://
in reply to Peter Bindels • • •