daniel:// stenberg://

daniel:// stenberg://

1 year ago • •

daniel:// stenberg://
1 year ago • •

This #curl Friday graph is the "CVE age in code" one refurbished. I cleaned it up a little and added a median plot to it next to the average. Very similar!

The graph shows all 145 curl CVEs and the number of days each of them existing in shipped source code until fixed.

#curl

in reply to daniel:// stenberg://

Jimmy Sjölund

in reply to daniel:// stenberg:// • 1 year ago • •

I'm curious, how many days after discovery/reporting?

in reply to Jimmy Sjölund

daniel:// stenberg://

in reply to Jimmy Sjölund • 1 year ago • •

@jimmysjolund the time from discovery to shipped fix is always very low. Another graph:

@Jimmy Sjölund

in reply to daniel:// stenberg://

Jimmy Sjölund

in reply to daniel:// stenberg:// • 1 year ago • •

👏

in reply to daniel:// stenberg://

Lambda

in reply to daniel:// stenberg:// • 1 year ago • •

that's a really good graph! Interesting to see that there are still vulnerabilities being found that have been there since day 1.

in reply to Lambda

daniel:// stenberg://

in reply to Lambda • 1 year ago • •

@lambda yeah, it's actually quite fascinating I think!

@Lambda

Unknown parent

daniel:// stenberg://

Unknown parent • 1 year ago • •

@krinkle the X axis are all the CVEs and they have not been reported linearly over time

@Timo Tijhof

⇧