@daniel:// stenberg://
I write curl. I don't know anything.
Relays (1)
- wss://relay.ditto.pub – read & write
Recent Notes
a LinkedIn post of the motivational kind:
#curl
#curl
I'm proud of #curl's thorough vulnerability documentation that you will have a hard time to find other projects matching. Open or closed.
https://curl.se/docs/security.html
https://curl.se/docs/security.html
Nope, no one from Anthropic Glasswing has been in touch.
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqp450apv3j8jmqjct3ddfklzusxyfkkyqpzxx4p33u099xjzvfwwsyh2vzh nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqejmash2vtk06s5r6uyedp2ewrjpdeh4...
@nprofile1q... @nprofile1q... @nprofile1q... hah, no worries. I think I've already gotten enough names from a distributed set of projects to say that this is a trend seen "everywhere"
1
If your Open Source project sees a steep increase in number of high quality security reports (mostly done with AI) right now (#curl, Linux kernel, glibc confirmed) please tell me the name of this proj...
Apache httpd, curl, Django, Firefox, glibc, GnuTLS, Haproxy, libssh, Linux kernel, python, Temporal, Wireshark, wolfSSL
More?
More?
If your Open Source project sees a steep increase in number of high quality security reports (mostly done with AI) right now (#curl, Linux kernel, glibc confirmed) please tell me the name of this project.
(I'd like to make a little list for my coming talk on this.)
(I'd like to make a little list for my coming talk on this.)
2
Internet Bug Bounty program hits pause on payouts
“AI-assisted research is expanding vulnerability discovery across the ecosystem, increasing both coverage and speed. The balance between findings and remediation capacity in open source has substantively shifted,”
https://www.infoworld.com/article/4154210/internet-bug-bounty-program-hits-pause-on-payouts.html
“AI-assisted research is expanding vulnerability discovery across the ecosystem, increasing both coverage and speed. The balance between findings and remediation capacity in open source has substantively shifted,”
https://www.infoworld.com/article/4154210/internet-bug-bounty-program-hits-pause-on-payouts.html
There is virtually **no** AI slop security reports anymore submitted about #curl. They don't seem to happen any longer.
Almost everyone still uses AI though.
Almost everyone still uses AI though.
Hackerone submissions to #curl per quarter, Jan 1st 2023 to end of March 2026.
Sunday morning. Woke up to three fresh #curl security reports.