More views on #curl vulnerabilities
daniel.haxx.se/blog/2025/07/10…
more views on curl vulnerabilities
This is an intersection of two of my obsessions: graphs and vulnerability data for the curl project. In order to track and follow every imaginable angle of development, progression and (possible) improvements in the curl project we track and log lots…
Der Große Böse Wolff
in reply to daniel:// stenberg://
daniel:// stenberg://
in reply to Der Große Böse Wolff
@wolff it becomes too speculative for my taste since there are so many more factors than just time. Time is mostly a factor to detect flaws, while there are countless factors that make a project introduce them.
An argument could be that when the median goes down, it is because there are more not-yet-found older bugs in there. Or maybe the quality is actually better over the last median years.
So I stick to graphing what we know.
Der Große Böse Wolff
in reply to daniel:// stenberg://
that's very reasonable. I was mainly thinking out loud about the possibilities with the metrics without thinking too much about the meaning of them, which is the important part about the graphs: to give meaning to data.
PS: The graphs are cool! Thanks for making these! :)
William Richards
in reply to daniel:// stenberg://
the internet is built on and therefore relies on FOSS projects and if we don’t make sure an apocalyptic event happens because of a bug or backdoor, then it could literally happen as it almost has so many times now.
I am so stressed out and terrified right now and if nothing is done to fix this then I’m actually considering jumping off the window of my home.
Goaty McGoatFace
in reply to daniel:// stenberg://