Windows XP and Windows 2003 partial source code is out there on github. With such a rich
corpus of known vulnerabilities in those OS'es and source code availability, surely
there should be an amazing amount of SAST/semgrep/codeql rules that take as input existing
known exploits and then do rules that find similar things, yet I don't seem to be able
to find such projects
Surely, these two code bases should be the foundation of most good CS/cyber courses - like
students finding new bugs, etc.
Is source code junk?