Tightening every bolt

UB4.132 | Day 1 | 11:00 - 11:30 | Speakers: Daniel Stenberg

Abstract

Things to do in order to sleep well while having your C code in twenty billion installations. A talk about what the curl project does to minimize security risks: Security, Safety, Reproducibility, Vulnerability handling and the processes and tooling around it.

As BDFL of the curl project, Daniel talks about what this project does to avoid causing the world to burn. From code style, reviews and tests to signings, reproducibility, running a bug-bounty and becoming a CNA to filter bogus CVEs. curl aims to be top of the class in (Open Source) software security. Here's your chance to point fingers and tell us what we should do better.

Speakers

Daniel Stenberg
