Zach Steindler

142 Followers
177 Following
222 Posts

The number of CVEs GitHub helps open source projects disclose has more than doubled compared to any 30-day period in the past year. Many of these vulnerabilities are being discovered with LLM assistance, and a natural question is "are they slop?" Using the famously uncontroversial CVSS scores, you can see that there are more low-severity and high-severity scores compared to a year ago. 🤷 It's complicated!

Sources:
- https://cnapulse.org/cna-detail.html?cna=GitHub_M
- https://www.cvedetails.com/cvss-score-charts.php?fromform=1&vendor_id=&product_id=&startdate=2025-01-12&enddate=2025-02-12
- https://www.cvedetails.com/cvss-score-charts.php?fromform=1&vendor_id=&product_id=&startdate=2026-01-12&enddate=2026-02-12

The OpenSSF DEI Working Group is hosting "How to Get Started in OSS and Cybersecurity" this Thursday, July 25th at noon EST! https://zoom-lfx.platform.linuxfoundation.org/meeting/96076071506?password=55669c40-2cc7-4492-9afc-c6ed5cffcbda

@openssf

LFX Meetings

Sunday morning #honk @bdimcheff
Trash panda golden hour