Approaching zero bugs?

Daniel Stenberg, the curl maintainer, reflects on whether modern AI-powered code analysis tools are bringing us closer to a 'zero bugs' state in software. He proposes two metrics to measure progress: the average age of reported vulnerabilities (which should decrease if tools catch bugs sooner) and the overall bugfix rate (which should drop when most bugs are found). Using curl project data on vulnerability ages and bugfix rates, he concludes neither metric shows a downward trend yet, suggesting we are still far from zero bugs despite increasingly powerful tooling.