It's not a very advanced regular expression, but I still find this a bit alarming in the Linux kernel:

$ git log --no-merges v3.5..v3.6 |egrep -i '(integer|counter|buffer|stack|fix) (over|under)flow' | wc -l

How many were security relevant? How many got CVEs?
The following finds the moral equivalent, counts a bit more, and counts each commit only once (I think egrep piped to wc counts dd03e73481 as three hits, for example):

$ git log --oneline --no-merges \
  --all-match --regexp-ignore-case \
  --grep='\(integer\|counter\|buffer\|stack\|fix\)' \
  --grep='\(over\|under\)flow' v3.5..v3.6  | wc -l

You can lose "--oneline" and "| wc -l" to view the messages in full glory. While reading the output in "less", you can type

/(integer|counter|buffer|stack|fix) (over|under)flow

and see the difference made by using "log --grep".
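Added example, not part of the original thread: a sketch of why the two counts differ, run over a constructed `git log`-shaped sample so it works without a kernel tree. The function names, hashes and commit messages are made up for illustration, and the `allmatch` mode only approximates what `--all-match` does with two `--grep` patterns.

```shell
# Constructed sample shaped like `git log` output (Author/Date lines omitted);
# hashes and messages are made up for illustration.
sample_log() {
cat <<'EOF'
commit 1111111111111111111111111111111111111111

    foo: fix buffer overflow in foo_read()

    A long name caused a stack overflow. Fix overflow by
    checking the length; the old code had a buffer overflow.

commit 2222222222222222222222222222222222222222

    bar: validate user-supplied integer

    Without the check the size calculation can overflow.

commit 3333333333333333333333333333333333333333

    baz: update documentation
EOF
}

PAT='(integer|counter|buffer|stack|fix) (over|under)flow'
# What `egrep -i ... | wc -l` measures: matching lines, not commits.
count_line_hits() { grep -Eic "$PAT"; }

# Commits counted once each. mode=phrase: some line matches PAT.
# mode=allmatch: both word groups occur somewhere in the message,
# approximating two --grep patterns combined with --all-match.
count_commits() {
    awk -v mode="$1" -v pat="$PAT" '
        function tally() {
            if ((mode == "phrase" && p) || (mode == "allmatch" && a && b)) n++
            p = a = b = 0
        }
        /^commit [0-9a-f]+$/ { tally(); next }
        /^    / {
            s = tolower($0)
            if (s ~ pat) p = 1
            if (s ~ /integer|counter|buffer|stack|fix/) a = 1
            if (s ~ /(over|under)flow/) b = 1
        }
        END { tally(); print n + 0 }
    '
}

printf 'lines=%s phrase=%s allmatch=%s\n' "$(sample_log | count_line_hits)" \
    "$(sample_log | count_commits phrase)" "$(sample_log | count_commits allmatch)"
```

On this sample the first commit alone accounts for every matching line, while the second commit is only caught when the two word groups are allowed to appear on different lines.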
Please don't publish this, the PaX folks will start whining they want all commits marked this way...
Not to forget those: ;)

$ git log --oneline --no-merges --grep='info.*leak' v3.5..v3.6 | wc -l