The EU’s €2T budget overlooks a key tech pillar: Open source
Joshua Rogers sent us a *massive* list of potential issues in #curl that he found using his set of AI assisted tools. Code analyzer style nits all over. Mostly smaller bugs, but still bugs and there could be one or two actual security flaws in there. Actually truly awesome findings. I have already landed 22(!) bugfixes thanks to this, and I have over twice that amount of issues left to go through. Wade through perhaps. Credited "Reported in Joshua's sarif data" if you want to look for yourself
"Sorry, I can't. Under the current administration I don't feel safe and comfortable with traveling to the US so I need to pass. Thanks for asking."
that way!
Giant company begs tiny Open Source project to graciously spend more of our copious spare time to help them - for free. Apparently the latest #curl release has a build problem on HarmonyOS. What a pity.
Who could have figured out that automatically downloading half the internet and ten thousand always-changing dependencies every time you build could actually be a weakness?
one of the worst ever "comprehensive security audits" ...
I was #awarded Developer of the year yesterday (in Sweden).
"Open Source as Europe’s Strategic Advantage" a 46-page report by the Linux Foundation
There's going to be more talk about AIs finding genuine security problems soon. Google Big Sleep found one in #curl that we reveal tomorrow... in about eight hours. (But no, we don't know how much was AI and how much was human, or how many false positives they had to wade through to get there, etc. Maybe they will let us know later?)