HN Reader

Show HN: HTMS (write JavaScript using HTML) (github.com)

2 points by DigitalSea 56m ago 0 comments

Show HN: SwiftAI – open-source library to easily build LLM features on iOS/macOS (github.com)

63 points by mi12-root 17h ago 14 comments

Show HN: StripeMeter – Open-Source Usage Metering for Stripe Billing (github.com)

3 points by geminimir 1h ago 2 comments

Show HN: Yoink AI – macOS AI app that edits directly in any textfield of any app (useyoink.ai)

17 points by byintes 16h ago 8 comments

Show HN: Meetup.com and eventribe alternative to small groups (github.com)

106 points by orbanlevi 1d ago 59 comments

Show HN: Grammit – Local-only AI grammar checker (Chrome extension) (chromewebstore.google.com)

25 points by scottfr 15h ago 4 comments

Show HN: A private, flat monthly subscription for open-source LLMs (synthetic.new)

21 points by reissbaker 12h ago 13 comments

Show HN: Knowledgework – AI Extensions of Your Coworkers (knowledgework.ai)

4 points by grbsh 12h ago 0 comments

Show HN: FilterQL – A tiny query language for filtering structured data (github.com)

76 points by genshii 4d ago 21 comments

Show HN: Smart Buildings Powered by SparkplugB, Aklivity Zilla, and Kafka (github.com)

2 points by luk212 9h ago 0 comments

Show HN: A zoomable, searchable archive of BYTE magazine (byte.tsundoku.io)

411 points by chromy 2d ago 69 comments

Show HN: I integrated my from-scratch TCP/IP stack into the xv6-riscv OS (github.com)

144 points by pandax381 3d ago 12 comments

Show HN: Async – Claude code and Linear and GitHub PRs in one opinionated tool (github.com)

106 points by wjsekfghks 3d ago 46 comments

Show HN: Turn Markdown into React/Svelte/Vue UI at runtime, zero build step (markdown-ui.com)

197 points by yaoke259 2d ago 96 comments

Show HN: MCPcat – A free open-source library for MCP server monitoring (github.com)

13 points by kashishhora 16h ago 3 comments

Show HN: Persistent Mind Model (PMM) – Update: an model-agnostic "mind-layer" (github.com)

2 points by HimTortons 12h ago 0 comments

Show HN: A fun Unicode tool to make your text look cool anywhere (fontgenerator.now)

2 points by liquid99 4h ago 0 comments

Show HN: Base, an SQLite database editor for macOS (menial.co.uk)

678 points by __bb 3d ago 176 comments

Show HN: Spart – A Rust library for fast spatial search with Python bindings

31 points by habedi0 3d ago 0 comments

Show HN: Cholidean Harmony Structure (github.com)

2 points by jimishol 14h ago 1 comments

Show HN: Branchlet – Git Worktree TUI for Claude Code/Cursor/Codex etc. (github.com)

3 points by ragp 14h ago 0 comments

Show HN: Diggit.dev – Git history for architecture archaeologists (diggit.dev)

34 points by surprisetalk 3d ago 7 comments

Show HN: Welcome to "Voice AI Stack" Weekly – A Home for Voice AI Builders (videosdkweekly.substack.com)

3 points by sagarkava 15h ago 0 comments

Show HN: HTML Commenter (alexispurslane.github.io)

3 points by logicprog 15h ago 2 comments

Show HN: Regolith – Regex library that prevents ReDoS CVEs in TypeScript (github.com)

27 points by roggenbuck 2d ago 25 comments

Show HN: Gonzo – A Go-based TUI for log analysis (OpenTelemetry/OTLP support) (github.com)

72 points by J0nR 3d ago 15 comments

Show HN: Smooth – Faster, cheaper browser agent API (smooth.sh)

53 points by liukidar 2d ago 16 comments

Show HN: I fine-tuned GPT4.1 on my iMessage history (jonyork.net)

9 points by jonpizza 1d ago 6 comments

Show HN: MarkFlowy – A Markdown editor, which is lighter, smarter and purer (github.com)

2 points by drl5 16h ago 1 comments

Show HN: Created a Node.js's addon that can handle 1M req/s

6 points by StellaMary 1d ago 0 comments

Show HN: Csvqsh – SQL-like query language for CSV in Awk (github.com)

3 points by secwang 17h ago 0 comments

Show HN: Txtos for LLMs – 60 SEC setup, long memory, boundary guard, MIT (github.com)

4 points by tgrrr9111 17h ago 0 comments

Show HN: Chat with Nano Banana Directly from WhatsApp (wassist.app)

28 points by joshwarwick15 1d ago 14 comments

Show HN: Sideko – Hybrid deterministic/LLM generator for API SDKs and docs (github.com)

26 points by pmkelly4444 2d ago 5 comments

Show HN: React Web Camera – Fix <input type=file> single-photo limit (shivantra.com)

25 points by painternishant 1d ago 6 comments

Show HN: I Built a XSLT Blog Framework (vgr.land)

116 points by vgr-land 4d ago 68 comments

Show HN: Timep – A next-gen profiler and flamegraph-generator for bash code (github.com)

53 points by jkool702 4d ago 11 comments

Show HN: A more usable Docusign (formabledocs.com)

6 points by alex_shi 1d ago 0 comments

Show HN: Spoon-Bending – a framework for analyzing GPT-5 alignment behavior (github.com)

21 points by pablo-chacon 4d ago 3 comments

Show HN: Karton is a simple, type-safe RPC and state-syncing framework (OSS,MIT) (github.com)

4 points by glenntws 1d ago 0 comments

Show HN: AI Agent in Jupyter – Runcell (runcell.dev)

8 points by loa_observer 21h ago 1 comments

Show HN: Port Kill – A lightweight macOS status bar development port monitor (github.com)

125 points by lexokoh 5d ago 47 comments

Show HN: precision asteroid orbital dynamics library (github.com)

4 points by ddahlen 23h ago 0 comments

Show HN: Bicyclopedia (bicyclopedia.lemoing.ca)

123 points by lemoing 4d ago 40 comments

Show HN: Clearcam – Add AI object detection to your IP CCTV cameras (github.com)

230 points by roryclear 4d ago 66 comments

Show HN: Simple PDF Scanner – fast, one-time iOS scanner app (simplepdfscanner.se)

4 points by Akzid 1d ago 2 comments

Show HN: Stagewise – frontend coding agent for real codebases (stagewise.io)

41 points by glenntws 3d ago 18 comments

Show HN: AIKit - Minimal library for calling OpenAI, Anthropic, Gemini gen APIs (github.com)

3 points by _chinmaymk 1d ago 1 comments

Show HN: Pocket Agent: run Claude, Cursor, Codex and more from your phone (pocket-agent.xyz)

3 points by yayasoumah 1d ago 0 comments

Show HN: CashLedger – Offline-first PWA for cash tracking (cashflow-friend-pwa.vercel.app)

7 points by talhaahsan 2d ago 4 comments

Stop Using Vulnerability Counts to Measure Software Security

13 zdw 4 8/28/2025, 9:29:47 PM cacm.acm.org ↗

Comments (4)

notepad0x90 · 3h ago
Totally agree with this take. That said, you must account for the size of the codebase and associated attack surfaces and compare that with frequency of a particular bug class consistently popping up on every CVE.

In other words, you shouldn't use vulnerability counts, but you can discern patterns of vulnerability to intuit something about the nature of the codebase.

For example, RCE vulnerabilities on Chrome, especially under V8 while not very common they happen commonly enough to suspect that maybe there is some code quality issue. However, if you look at the sheer size of V8, and how much scrutiny and research it undergoes, it is surprising there aren't even more critical vulns being found all the time. JIT is inherently a risky endeavor.

mouse_ · 9h ago
There is no objective way to measure the security of an inherently insecure system.

Assume breach.

dentemple · 3h ago
Okay, but my boss still demands I give him a metric. I'm not allowed to tell him, "Just trust me bro" when I'm asked how much our security has improved over the past sprint. I'm supposed to give hard numbers, and the OP at least offers an alternative for that.
DANmode · 2h ago
Pick something that resembles a vuln→patch interval,

not just a context-less number that means they're popular, audited, or reviewing their OWN code all the time.

Instances where 0-days can't be used in isolation are a perfect example of where nontechnical people absolutely need to "just trust" someone to triage, and perform threat modeling for them.