10 Billion Devices Run His Code — And He Maintains It Alone

🌍 10 Billion Devices Run His Code — And He Maintains It Alone

Category: Open Source / Infrastructure
Source: Can Artuc (Feb 17, 2026)

  • Daniel Stenberg has maintained curl since 1996, expanding it from the original “httpget” into one of the most widely deployed internet transfer tools in history.

  • Today, curl ships with Windows, macOS, Linux, Android, iOS, and all major gaming consoles. It is embedded in an estimated 10 billion installations worldwide — yet only ~10 developers contribute regularly.

Key Insight: A foundational internet dependency has a bus factor of one.


🚗 47 Car Brands Ship curl — None Employ Its Maintainer

Category: Software Supply Chain / Sustainability

  • According to project documentation, 47 distinct car manufacturers ship curl in their vehicles.

  • Major tech companies — including Apple, Microsoft, Google, and Amazon — distribute curl in their platforms, but none employ Stenberg directly.

He works at wolfSSL, which sponsors his maintenance time — a small company effectively supporting infrastructure used by trillion-dollar corporations.

Systemic Gap: Massive corporate adoption does not translate into proportional financial or engineering support.

🤖 AI-Generated Bug Reports Are Flooding the Project

Category: AI / Developer Tooling Risk

  • Beginning in late 2024 and escalating through 2025, Stenberg documented a surge of AI-generated fake vulnerability reports.

  • Individuals prompt tools like ChatGPT or Claude to “find vulnerabilities in curl,” then submit hallucinated issues — sometimes requesting CVEs.

Each fabricated report requires manual verification because a real vulnerability could impact billions of devices.

Stenberg described the phenomenon as a “DDoS attack on maintainers.”
The project now requires contributors to confirm reports are not AI-generated and has begun banning repeat offenders.

Developer Impact: AI reduces friction for spam generation, but the validation burden remains human.

🏆 Developer of the Year — While Writing About Burnout

Category: Maintainer Health / Industry Recognition

  • In 2025, Sweden named Daniel Stenberg Developer of the Year.

  • During the same period, he published blog posts about burnout and sustainability challenges.

The contrast highlights a structural issue: recognition without long-term support does not solve maintainer overload.


🚌 The Bus Factor Problem

Category: Supply Chain Risk

  • curl’s bus factor is effectively one.

  • After nearly 28 years of accumulated protocol complexity, replacing Stenberg would require years of knowledge transfer.

The article compares this to the 2014 OpenSSL Heartbleed incident, where critical infrastructure maintained by a tiny team exposed systemic industry underinvestment.

Risk Framing: Maintainer sustainability is a security issue, not just a staffing issue.

🔄 Three Structural Changes Proposed

1. Sustained Corporate Funding
Companies shipping curl should employ maintainers or fund contracts — similar to how companies fund Linux kernel development.

2. Platform-Level AI Spam Controls
Issue tracker platforms should detect AI-generated vulnerability spam automatically, instead of relying on maintainers to filter it.

3. Supply Chain Sustainability Audits
Software audits should include maintainer bus factor and funding stability as risk metrics.

🧠 Developer Takeaway

curl is not a side project. It is invisible internet infrastructure.

If your systems depend on it — and they almost certainly do — sustainability is your problem too.
Critical dependencies maintained by a single individual represent operational, security, and continuity risk.


Reference link




Comments

Post a Comment

Popular posts from this blog

Story Points Are Really Simple

Image
  Story Points Are Really Simple Story Points helps Agile teams estimate the effort required to complete tasks by focusing on complexity, size, and uncertainty rather than time. This method is ideal for teams distributed across multiple locations and countries. Why Use Story Points? Reason Detail Assessing Effort - High accuracy: Considers many factors, not just working hours. - Handling uncertainty: Easily adapting to unexpected challenges. Teamwork - Shared understanding: Ensure everyone agrees on the meaning of each point. - Leverage diversity: Different perspectives improve estimates. Better Planning - Track progress: Know the points the team has scored in each sprint. - Work Forecast: Plan sprints based on previous performance. Flexible - Easy Adjustments: Change plans without being constrained by specific time estimates. - Complexity Management: Break down complex tasks into manageable components. Story Score Comparison Table Story Point Fibonacci Points Shirt Size Level of E...
Read more

Comparing Event-Driven Architecture (EDA) and Event Sourcing (ES)

Image
Event-Driven   Architecture ( EDA) and Event Storage (ES) are two different but complementary design models in software development. EDA : Focuses on real-time responsiveness with component decoupled functionality. ES : Provides a complete event history for better status management. Both methods can be integrated to achieve a balanced system design! Comparison Table of Event-Driven Architecture (EDA) and Event Storage (ES) Aspect Event-Based Architecture (EDA) Event Storage (ES) Purpose Real-time event handling Manage historical state changes. Data Processing It reacts to events and can store the resulting state. Record each event in order to reconstruct the state. Main Benefits - Separate the components - Real-time feedback - Scalable - Complete history - Restore state - Auditable For example - E-commerce (orders, payments) - IoT system - Financial transactions - Version control Scalability Easily expandable horizontally. It is scalable, but requires centralized log management. In...
Read more

4 Ways AI Is Redefining What “Senior” Really Means at Work

Image
Have you noticed how two people with the same Senior title can feel worlds apart? One struggles to keep up with new tools. The other adapts calmly, asks better questions, and somehow stays relevant even as technology shifts overnight. The uncomfortable truth is this: AI is quietly redefining what “senior” actually means at work —and it has far less to do with years of experience than it used to. Across software engineering, data, product, analytics, and even management, AI is closing skill gaps at a speed we’ve never seen before. Tasks that once required years of experience and deep tool specialization can now be done in minutes with AI copilots. So if execution is no longer the differentiator, what is? 1. Seniority Is Shifting From “Doing” to “Deciding” For a long time, senior professionals were defined by execution: They could handle complex tasks independently They knew tools inside out They needed minimal supervision Execution was the badge of honor. AI has changed that. Today, AI...
Read more