Show HN: A timeline of recent open source CVE intensity and volume (supplychain.fail)

2 points by mariusvaporware ↗ HN
I was curious what it would look like if I plotted the intensity and volume of software supply chain CVEs over time, given what seemed like a flood of compromises lately.

It looked exactly as I expected, and I expect it to get worse before it gets better.

Yes, an LLM was used but because I wanted the simplest possible architecture, I steered away from using any back end at all. Instead it's just GitHub pages with a static json document as the source of data, updated daily by a GitHub action which stores and parses the OSV repository.

I wanted to include the Linux kernel but the complexities around how CVEs are assigned there made it difficult -- if I find a simple solution in future I'll add it.

0 comments

[ 3.1 ms ] story [ 11.9 ms ] thread

No comments yet.