daniel:// stenberg://

1 day ago

daniel:// stenberg://
1 day ago

We seem to have data that confirms that the #curl bug-bounty has received a steep increased submission rate through 2025, while several other Open Source programs also hosted on Hackerone have not. (There's a graph coming in my pending blog post.)

What could possibly be the reason for us taking more heat and more junk than others? Why oh why?

#curl

in reply to daniel:// stenberg://

Mx Autumn

in reply to daniel:// stenberg:// 1 day ago

could it be because your a household brand? Even my grandmother has heard of curl; she doesn’t know what it does aside from being in the computer. Could being more well known have resulted in people focusing on the project over others?

in reply to daniel:// stenberg://

Alessandro Lai

in reply to daniel:// stenberg:// 1 day ago

wild guess: possibly, being one of the most public, most used OSS projects out there, LLMs have more info on that and so, when left run wild, they "find" more possible vulnerabilities?

This entry was edited (1 day ago)

in reply to daniel:// stenberg://

Fabrice Roux

in reply to daniel:// stenberg:// 1 day ago

being near the top of the alphabet probably doesn’t help. Are you willing to rename this little project or yours to « zurl » ? 😬

⇧

daniel:// stenberg://

daniel:// stenberg:// 1 day ago • •

Mx Autumn

Alessandro Lai

Fabrice Roux

daniel:// stenberg://
1 day ago