Mastodon Feed: Post

Boosted by ChrisWere@toot.wales ("Chris Were ⁂🐧🌱☕"):
bagder ("daniel:// stenberg://") wrote:

a LinkedIn post of the motivational kind:

#curl

Curl is also the most secure codebase I've seen. I tried to hunt for vulnerabilities in it (having reviewed the slop report collection for fun) and got zero hits. Maybe some borderline documented behavior, but nothing with any reasonable security impact. So I probably did it right. But on almost every codebase I've reviewed extensively in the past, including glibc, I've found at least one issue with a security impact. Curl is the only one which I've found completely clean as far as I could see. I think the bounty program has been largely beneficial to curl over the years and has overall contributed positively to the project's security, despite the recent downtrend. Keep it up