@jschauma I'm not sure that the two are actually being conflated. At least, that wasn't my interpretation. To me, what it highlights is the amount of code out there with these sorts of latent vulnerabilities *because* these software projects and companies haven't been performing these code audits. Heartbleed was the shot across the bow about this problem, and we've had only (checks notes) 12 years since then to address the issue.