Vulnerability distribution present in #curl code
For every moment in time, how many vulnerabilities of different severity were present in code. We know now because these vulnerabilities have been reported and fixed since then.
The peak is at 7.41.0 on 2015-02-25 with 85 vulnerabilities present!
daniel:// stenberg://
in reply to daniel:// stenberg:// • • •Tris
in reply to daniel:// stenberg:// • • •Ingo Wichmann
in reply to daniel:// stenberg:// • • •daniel:// stenberg://
in reply to Ingo Wichmann • • •daniel:// stenberg://
in reply to Ingo Wichmann • • •Stefan Eissing
in reply to daniel:// stenberg:// • • •Jakub Jirutka πͺπΊπΊπ¦
in reply to daniel:// stenberg:// • • •Jeppe Fihl-Pearson
in reply to daniel:// stenberg:// • • •I think you should be able to graph how many unknown vulnerabilities there's been in curl over time, but graphing the time it takes between a vulnerability being introduced and it being reported.
Based on that, you might be able to guess how many unknown vulnerabilities there might be in curl right now.
Conny Duck
in reply to daniel:// stenberg:// • • •daniel:// stenberg://
in reply to Conny Duck • • •Felix Denbratt
in reply to daniel:// stenberg:// • • •very interesting to see it like this! Thank you so much for sharing
Are there any particular changes that you would say have made a significant change in identifying\fixing and preventing vulnerabilities for Curl?
daniel:// stenberg://
in reply to Felix Denbratt • • •Richard Stephens
in reply to daniel:// stenberg:// • • •daniel:// stenberg://
in reply to Richard Stephens • • •