daniel:// stenberg://

2 years ago

daniel:// stenberg://
2 years ago

This #curl Friday graph is the "CVE age in code" one refurbished. I cleaned it up a little and added a median plot to it next to the average. Very similar!

The graph shows all 145 curl CVEs and the number of days each of them existing in shipped source code until fixed.

#curl

in reply to daniel:// stenberg://

Jimmy Sjölund

in reply to daniel:// stenberg:// 2 years ago

I'm curious, how many days after discovery/reporting?

in reply to Jimmy Sjölund

daniel:// stenberg://

in reply to Jimmy Sjölund 2 years ago

@jimmysjolund the time from discovery to shipped fix is always very low. Another graph:

@Jimmy Sjölund

in reply to daniel:// stenberg://

Jimmy Sjölund

in reply to daniel:// stenberg:// 2 years ago

👏

in reply to daniel:// stenberg://

Lambda

in reply to daniel:// stenberg:// 2 years ago

that's a really good graph! Interesting to see that there are still vulnerabilities being found that have been there since day 1.

in reply to Lambda

daniel:// stenberg://

in reply to Lambda 2 years ago

@lambda yeah, it's actually quite fascinating I think!

@Lambda

Unknown parent

daniel:// stenberg://

Unknown parent 2 years ago

@krinkle the X axis are all the CVEs and they have not been reported linearly over time

@Timo Tijhof

⇧

daniel:// stenberg://

daniel:// stenberg:// 2 years ago • •

Jimmy Sjölund

daniel:// stenberg://

Jimmy Sjölund

Lambda

daniel:// stenberg://

daniel:// stenberg://

daniel:// stenberg://
2 years ago