bagder (@bagder@mastodon.social)

lines of code per known vulnerability in , 1998 - 2023. I purposely leave out the last year simply because the code there is a little too new to be fair - and that makes the graph really spike.

Note also that this treats all vulns as equal, no matter the severity

hyc (@hyc@mastodon.social)

@bagder I think the opposite, vulns per LOC, would be more informative.

bagder (@bagder@mastodon.social)

@hyc It becomes such a hard-to-grasp number. Like 0.000112 in late 2022.

hyc (@hyc@mastodon.social)

@bagder hmm, yeah. OK, use KLOCs, and a log axis

bagder (@bagder@mastodon.social)

@hyc Not bad: the number of vulns per KLOC is at 1.77 in 1998 and crawls down to 0.112 in late 2022. Still a linear y-axis.

bagder (@bagder@mastodon.social)

the median age a CVE has existed in code when reported in is 7.7 years!

robinm (@robinm@fosstodon.org)

@bagder Does this mean that we should ignore the right part of the graph (2015 and newer), and wait to see if the quality did effectively increase so much in recent years?

bagder (@bagder@mastodon.social)

@robinm it certainly might imply that we will get vulnerabilities reported for that period in the coming years, yes. I guess we will be able to tell in the future...
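The thread touches three calculations: vulns per KLOC (the inverse of lines of code per vuln), the median age of a vulnerability when it is reported, and the observation that recent years are undercounted because their vulns have not been found yet. The following is an added example, not code from the thread or from the project it discusses; the CVE records and code sizes are constructed sample figures, and the rule for which years count as "too new" (any year closer to the latest snapshot than the median age) is an assumption chosen to mirror the thread's reasoning.

```python
from statistics import median

# Constructed sample data: one record per vulnerability, giving the year the
# flawed code was introduced and the year the CVE was reported. Made-up
# figures, not any real project's data.
SAMPLE_CVES = [
    {"introduced": 1998, "reported": 2003},
    {"introduced": 1999, "reported": 2010},
    {"introduced": 2001, "reported": 2005},
    {"introduced": 2004, "reported": 2016},
    {"introduced": 2008, "reported": 2012},
    {"introduced": 2010, "reported": 2021},
    {"introduced": 2013, "reported": 2020},
    {"introduced": 2016, "reported": 2023},
]

# Constructed lines-of-code counts for a few snapshot years.
SAMPLE_LOC = {1998: 12_000, 2005: 60_000, 2012: 110_000, 2022: 160_000}


def vulns_per_kloc(vuln_count, loc):
    """Vulnerabilities per thousand lines of code (inverse of LOC per vuln)."""
    if loc <= 0:
        raise ValueError("lines of code must be positive")
    return vuln_count * 1000 / loc


def known_vulns_in_code_at(year, cves):
    """Count vulns whose flawed code was present in `year`.

    Assumption: a vuln is present from its introduction year until the year
    it was reported (and presumably fixed), inclusive. Only vulns reported so
    far are in the list, which is exactly why recent years are undercounted.
    """
    return sum(1 for c in cves if c["introduced"] <= year <= c["reported"])


def median_age_years(cves):
    """Median number of years a vuln sat in the code before being reported."""
    return float(median(c["reported"] - c["introduced"] for c in cves))


def immature_years(first_year, latest_year, median_age):
    """Years whose vuln counts are likely still to grow.

    Assumption: a year is 'too new' when it is closer to the latest snapshot
    than the median age at report, since a typical vuln from that year has
    not had time to be found yet.
    """
    return [y for y in range(first_year, latest_year + 1)
            if latest_year - y < median_age]


def trend(loc_by_year, cves, latest_year):
    """Per-snapshot vulns per KLOC, flagging snapshots that are too new."""
    age = median_age_years(cves)
    too_new = set(immature_years(min(loc_by_year), latest_year, age))
    rows = {}
    for year, loc in sorted(loc_by_year.items()):
        count = known_vulns_in_code_at(year, cves)
        rows[year] = {
            "vulns": count,
            "vulns_per_kloc": round(vulns_per_kloc(count, loc), 4),
            "too_new_to_judge": year in too_new,
        }
    return rows


if __name__ == "__main__":
    print("median age at report:", median_age_years(SAMPLE_CVES), "years")
    for year, row in trend(SAMPLE_LOC, SAMPLE_CVES, 2023).items():
        print(year, row)
```

With the sample data the median age comes out at 7.0 years, so the 2022 snapshot is flagged as too new to judge, which is the point robinm raises: a low vulns-per-KLOC figure for recent years may just mean those vulns have not been reported yet.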
