Hello,

I found the paper about possibly vulnerable and critical software very
informative. The paper mostly focused on core, web and development software.
However, I think the full list of dependencies at
https://gitlab.com/linted/linted/blob/master/docs/platforms.h that my own
minimal personal game I'm working on may be interesting. The two key insights I
would take away from my list of dependencies is that in order to put on the
screen a simple 3D model one needs a huge rat nest of dependencies (some of
which don't seem well supported) and that small shims such as libcap for little
known functional that is exposed by the kernel and not by GLibc may not be well
maintained. I think there was talk about creating a libsyscall or something for
centralizing these shims a while ago but I don't think that got off the ground.
You may also find the raw build dependencies at
https://gitlab.com/linted/linted/blob/master/scripts/builddeps interesting.
Also, many of the dependencies read or write file formats (such as s2tc, zlib,
LLVM, libexpat and elfutils) as noted as potentially vulnerable stuff in the
paper. XCB also does protocol handling. LLVM is also interesting because it is
both used in compilers and jitters.

Thank you,
Steven Stewart-Gallus