by readthenotes1
42 days ago
Kinda burying the lede:
AI tools found over a dozen CVEs in curl last year, and hundreds of bugs. "Primarily AISLE, Zeropath and OpenAI’s Codex Security have been used to scrutinize the code with AI. These tools and the analyses they have done have triggered somewhere between two and three hundred bugfixes merged in curl through-out the recent 8-10 months or so. A bunch of the findings these AI tools reported were confirmed vulnerabilities and have been published as CVEs. Probably a dozen or more."
[1] https://lists.haxx.se/pipermail/daniel/2025-September/000127...
[2] https://www.theregister.com/software/2025/10/02/curl-project...
[3] https://news.ycombinator.com/item?id=45449348