Looking back at all (now) published vulnerabilities in #curl that were present in code from 2020 until now, at no point in those years was the share of "C mistakes" higher than 15% of all vulns.

Through all years, the C mistake share of all vulnerabilities in #curl was never above 45% at any single point in history.

We have three more CVEs pending that soon will expand this graph a little, but none of those is a C mistake...

@bagder I assume every time folks pipe up about hur dur c is insecure, RIGHT EVERYONE?! show up?

@christoff @bagder I think a lot of enterprise code is written with much less care about its quality. This enables C bugs. I don't think - even with unsafe - Rust can solve developer incompetence and laziness, and its longer and more thorough development will actually hinder adoption in areas that require rapid development.

Hopefully software practices in general improve :)