Comment by steveklabnik

I used to answer security vulnerability emails to Rust. We'd regularly get "someone ran an automated tool and reports something that's not real." Like, complaints about CORS settings on rust-lang.org that would let people steal cookies. The website does not use cookies.

I wonder if it's gotten actively worse these days. But the newness would be the scale, not the quality itself.