Post · bonfire.cafe

Post

We are at *twenty* hackerone submissions so for #curl far this year. Zero of them a confirmed vulnerability.

@fm_volker@mastodon.social replied · 3 days ago

@bagder Wasn’t 📈exponential growth📈 what every project was hoping to achieve?!

Maybe it should be mandatory that the HackerOne submission must be done with `curl -X PUT … `, including BearerTokens/OAuth etc?

@jpmens@mastodon.social replied · 3 days ago

@bagder that screams for a new graph: "average number of hackerone submissions to the curl project per day". :)

@bagder@mastodon.social replied · 3 days ago

@jpmens I foolish thought *per year* would be the appropriate time frame: https://curl.se/dashboard1.html#hackerone (the graph hasn't updated yet)

@nCrazed@fd00.space replied · 3 days ago

@bagder was there at least one "could be seen as a bug if you squint hard enough"?

@bagder@mastodon.social replied · 3 days ago

@nCrazed yes, several of them were bugs in fact

@larsmb@mastodon.online replied · 3 days ago

@bagder Shld I submit a #hackerone submission for #curl, identifying hackerone as a DoS attack vector for the project, recommending depreciation?

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

Automatic federation enabled