Show HN: A timeline of recent open source CVE intensity and volume (supplychain.fail)

2 points by mariusvaporware, 22 days ago
I was curious what it would look like if I plotted the intensity and volume of software supply chain CVEs over time, given what seemed like a flood of compromises lately. It looked exactly as I expected, and I expect it to get worse before it gets better. Yes, an LLM was used, but because I wanted the simplest possible architecture, I steered away from using any back end at all. Instead it's just GitHub Pages with a static JSON document as the source of data, updated daily by a GitHub Action which stores and parses the OSV repository. I wanted to include the Linux kernel, but the complexities around how CVEs are assigned there made it difficult -- if I find a simple solution in future I'll add it.