The #curl vulnerability mountain. A visualization I like. https://curl.se/dashboard1.html#vulnerabilities-in-code
@bagder what changed in late 2016?
@gfaster @bagder yeah, why isn't anyone answering this? What changed in 2016-2017?
@bagder You should try to balance that out with the weight of the source code :)
@bagder That shows the codebase is mature. Usually that's where people decide to rewrite everything in Rust
@bagder Question:
Did you have the vulnerability rating early on, or did you / someone go over old vulns retroactively and rate them?
@kura we had them set fairly early on, but yes we have gone back and retroactively added a lot of additional details on the old ones, for science. Or perhaps for better graphs.
@bagder I'd add "found" or "known" to the caption just to highlight the fact that the work of securing curl hasn't reached its end, it still has to be done
@andrybak good point, it is certainly just a snapshot in time that *will* change
What happened in 2017?