I think it depends on where you draw the line for the word "natural". If you include human behaviour, it is natural, but yes, otherwise it is typically known as "artificial selection" in this context.
Honestly, just being able to "tick" each commit would be great.
On https://github.com/bitcoin/bitcoin/ it is common practice to include the commit hash in your approval comment so you can easily review where you were up to if a rebase occurs.
The graph displayed of ECDSA duplicate r-value exploits shows 2 prominent "columns" of addresses, the latter of which was in April/May 2014.
That latter column was directly related to a commit that I made to the bitcoinjs-lib master branch (which was undergoing major refactoring at the time).
The issue itself was that a `Buffer` was being interpreted as `0` by crypto-js's cryptographic hash functions in our implementation of RFC6979, thus creating a case of duplicate `k` values.
The second most interesting point was the majority of the funds (>20k USD) stolen from Counterparty (the only known users of our master branch at that time) was returned by a grey hat.