Important heads-up to FOSS maintainers by Daniel from curl:
"Any project that has not scanned their source code with AI powered tooling will likely find huge number of flaws, bugs and possible vulnerabilities with this new generation of tools."
Since I'm working for Alpha-Omega currently, please reach out to me if you could use some support regarding this. We're setting up various programs to help FOSS maintainers in the times of "high-quality chaos".
https://daniel.haxx.se/blog/2026/05/11/mythos-finds-a-curl-vulnerability/
-
@mechko Is any open source project in scope? If I maintain an open source project, can I just ask you to run it against my project?
-
@mechko in other words, the cURL codebase is, with apologies to Douglas Adams, “Mostly Bugless”?
-
@mechko The only thing that's surprising is that it found only one vulnerability. Curl is a monster of a package with huge numbers of dependencies.
-
@eliotlear @mechko and another good point, the tooling doesn't find new classes of exploits or new approaches to break code.
Lots of old and familiar kinds of holes to go through, still...
-
@mechko Do you know why it took so long for curl to get access to Mythos? Is there a long line of projects waiting...?