Number of announced security vulnerabilities in #curl per year, separated into high/critical vs low/medium.

These are real severity levels, not the NVD spicy versions.

#curl
in reply to daniel:// stenberg://

Yeah, makes sense that would result in a solid spike. Really reassuring to see the amount of high critical vulns go down in the later years though! You're all doing great work.
in reply to Gustav Wengel

@geewee thank you, I too like that fact, but it also required this split in severity to show, because of the increase of low/medium ones lately
in reply to daniel:// stenberg://

Would be interesting to see that next to some other metrics like community size or amount of change in the code base.
in reply to Stefan Arentz

@st3fan the issue then becomes that the vulns are counted on report date. It mostly looks messy if I add a 12-month average number of LOC changed per month.