Average number of hours between #curl security reports
-
Average number of hours between #curl security reports
Material for a pending presentation
-
Average number of hours between #curl security reports
Material for a pending presentation
@bagder Please correlate with number of security related bugs introduced into codebase per time slice.
-
Average number of hours between #curl security reports
Material for a pending presentation
Share of reports that identified bugs (not vulns)
-
@bagder Please correlate with number of security related bugs introduced into codebase per time slice.
-
Share of reports that identified bugs (not vulns)
@bagder interesting. Any idea what causes the increased share of reports that identified bugs?
-
Share of reports that identified bugs (not vulns)
Confirmed vulnerability rate in reports, year to year so far.
-
@bagder interesting. Any idea what causes the increased share of reports that identified bugs?
@felix_eckhardt improved tooling. AI.
-
Confirmed vulnerability rate in reports, year to year so far.
To sum up:
Much higher submission rate. Much higher quality reports. More bugs and more vulnerabilities identified.
-
-
To sum up:
Much higher submission rate. Much higher quality reports. More bugs and more vulnerabilities identified.
also of course: the forecast for 2026 says that we will report a lot of #curl CVEs this year...
-
also of course: the forecast for 2026 says that we will report a lot of #curl CVEs this year...
@bagder@mastodon.social at least 365?
-
@bagder@mastodon.social at least 365?
@bagder@mastodon.social oh wait, just one fifth of that
-
also of course: the forecast for 2026 says that we will report a lot of #curl CVEs this year...
Oh, and... AI slop rate in submissions has gone back to 2024 levels
-
Oh, and... AI slop rate in submissions has gone back to 2024 levels
@bagder yaaaaaaay nature is healing
-
Confirmed vulnerability rate in reports, year to year so far.
@bagder Vulnerability of what/where/who exactly?
-
@bagder Vulnerability of what/where/who exactly?
@eliskunk in curl
-
Oh, and... AI slop rate in submissions has gone back to 2024 levels
@bagder do you think itโs because you removed the bug bounty program or because the tools are getting better?
-
@bagder do you think itโs because you removed the bug bounty program or because the tools are getting better?
@lukstru since this trend is seen across many projects, we can be fairly sure that nothing we did specifically drives this change
-
System shared this topic
๏ธ 
