Today we celebrate the five year anniversary of #curl's bug-bounty. It has resulted in 69 reported vulnerabilities and almost 80,000 USD payouts. Out of a total of 439 submissions. 86 of them were considered "informative", which mostly means they were handled as normal bugs.
Submit your suspected curl securirty issue here: https://hackerone.com/curl
bonus graph: fixed/introduced vulnerabilities in #curl over time: