The security reporting situation that I see at the ASF and in #curl is

- huge increase in reports
- increase of valid reports
- appearance of duplicate/triplicate reports of the same issue by different people

A high profile project needs to deal with 2-4 new reports each day. This is nuts.

One *may* hope this to go down again later this year bc
- unhallucinated issues are finite (see the fuzzing wave)
- eventually it will cost real money to generate these reports