If your Open Source project sees a steep increase in the number of high-quality security reports (mostly done with AI) right now (#curl, Linux kernel, glibc confirmed) please tell me the name of this project.

(I'd like to make a little list for my coming talk on this.)

Apache httpd, curl, Django, Firefox, glibc, GnuTLS, Haproxy, libssh, Linux kernel, python, Temporal, Wireshark, wolfSSL

More?

Updated:

Apache httpd, curl, Django, Elasticsearch Python client, Firefox, git, glibc, GnuTLS, Haproxy, Immich, libssh, Linux kernel, OpenLDAP, PowerDNS, python, Sequoia PGP, Temporal, urllib3, Wireshark, wolfSSL

We can say with certainty that this is widespread.

@bagder

The next months I will call the-open source--security-apocalypse-dark-times (of death).

Because I wanted a cheerful name that makes it not seem as bad as it is. /s

@bagder

Should all responsible software be running security agents against their own software now as we do fuzzers/static analysis/tests/etc?

Or instead of being proactive do nothing? And hope it’s not just the nice people reporting the bugs that are finding the issues?

@renedudfield if you don't run AI-powered code analyzers against your own code, you miss out on a lot of bugs...