"WebKit is in a lot of browsers and applications, and it has a lot of bugs. Once fixed, patches take weeks, months, or years to reach end users. WebKit's public version control is a treasure trove of half-day bugs. Security related changes can be identified through their metadata: committer, merges, keywords in the commit message, references to non-public bugs. Michel has applied machine learning to this data to automatically pick out interesting commits. Security fixes also include minimal reproduction cases, which will crash an unpatched browser and put an exploit developer well on his way. The repository offers a view to all vulnerabilities fixed in WebKit. Attackers can benefit from bugs found through fuzzing, source code review, and insider expertise. The menu includes: invalid ARM assembly emission, crypto bugs, policy errors, use-after-frees, stack and heap buffer overflows, arithmetic overflows, out-of-bounds accesses, type confusions."