This is a good post and article. It actually contains enough information to make an assessment about how this vulnerability equates to risk in our environments. I completely agree with the author that curl requests should fail if they can’t perform validation as defined being the default behavior.