Stenberg: The pressure

Date:
Tue, 26 May 2026 13:40:57 +0000

Description:
Curl maintainer Daniel Stenberg writes about
the stress of keeping up with the current flood of security reports. This is
a never-before seen or experienced pressure on the curl
project and its security team members. An avalanche of high
priority work that trumps all other things in the project that is
primarily mental because we certainly could ignore them all if we
wanted, but we feel a responsibility, we have a conscience and we
are proud about our work. We feel obliged to fix security problems
in the software we have helped shipped to every device on the
globe. This is personal to us. With about half the release cycle left until the pending release
ships, we already have twelve confirmed vulnerabilities meaning
twelve pending CVE announcements. That's a new project
record and it also means we will reach thirty published CVEs
in 2026 even before half the calendar year has passed. The
projected total amount of curl CVEs published through the whole
year is therefore at least double this number!

======================================================================
Link to news story:
https://lwn.net/Articles/1074449/


--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)