Show HN: A timeline of recent open source CVE intensity and volume

supplychain.fail

2 points by mariusvaporware a month ago · 0 comments · 1 min read

I was curious what it would look like if I plotted the intensity and volume of software supply chain CVEs over time, given what seemed like a flood of compromises lately.

It looked exactly as I expected, and I expect it to get worse before it gets better.

Yes, an LLM was used, but because I wanted the simplest possible architecture, I steered away from using any back end at all. Instead it's just GitHub Pages with a static JSON document as the source of data, updated daily by a GitHub Action which stores and parses the OSV repository.

I wanted to include the Linux kernel, but the complexities around how CVEs are assigned there made it difficult -- if I find a simple solution in the future I'll add it.

No comments yet.