Counterpoint we have a CVE attributable to ours and I suspect the difference is my co-founder was an offensive kernel researcher so our system is tuned for this in a way your average...ambulance chaser is unable to do.
The amount of bad reports curl in particular has gotten is staggering and it's all from people who have no background just latching onto a tool that won't elevate them.
Edit: Also shoutout to one of our old professors Brendan Dolan-Gavitt who now works on offensive security agents who has a highly ranked vulnerability agent XBOW.
So these tools are there and doing real work its just there are so many people looking for a quick buck that you really have to tease the noise from the bs.
Except if you read the blog post we helped a very confused maintainer when they had this dropped on them with no explanation on hacker news except "oooh potential scary heap vuln"
https://blog.bismuth.sh/blog/bismuth-found-the-atop-bug
https://www.cve.org/CVERecord?id=CVE-2025-31160
The amount of bad reports curl in particular has gotten is staggering and it's all from people who have no background just latching onto a tool that won't elevate them.
Edit: Also shoutout to one of our old professors Brendan Dolan-Gavitt who now works on offensive security agents who has a highly ranked vulnerability agent XBOW.
https://hackerone.com/xbow?type=user
So these tools are there and doing real work its just there are so many people looking for a quick buck that you really have to tease the noise from the bs.