tptacek 2 hours ago

It is definitely not the case that curl has been or is now a marquee vulnerability research target. It's a CLI HTTP fetcher. It's the same with sudo. It's a big deal if a sudo vulnerability gets found, because it's an extremely load-bearing piece of software, but sudo is itself not a prime target, because it doesn't do much.

43ahg 2 hours ago | parent [-]

There is no claim that it is a "vulnerability research target". It is a bug finding magnet, and bugs can be found by anything from gcc warnings to AI tools.

No, it didn't attract bluepill exploit research.

The fact that 300 bugs found in a year is not a recommendation as the pro-AI mafia suddenly claims ("because it has been analyzed!") still stands. Maybe the AI-mafia should sell "analyzed by Mythos" labels to impress people who don't write public software or find bugs for that matter.

tptacek an hour ago | parent [-]

What’s a “bluepill exploit”?

aSJH1 an hour ago | parent [-]

An exploit of the magnitude or impact of this one:

https://en.wikipedia.org/wiki/Blue_Pill_(software)

Now, since you are a literalist, you'll come up with some other nitpick and gain another 1000 Internet points from the AI people. Perhaps a comma is missing somewhere.

enraged_camel an hour ago | parent [-]

Did you... create a new account just to be able to respond to Thomas?

Btw, he's a security researcher. You should be more respectful.

1248wu 26 minutes ago | parent [-]

And enraged_camel is an AI booster. Feel free to point me to his research from the last 30 years.