Nobody@lemmy.world to Linux@lemmy.ml · 17 days ago
daniel stenberg: The AI slop security reporting is basically extinct [in curl]... [bugs] are found with AI tools and normally high quality bug reports. (mastodon.social)
thingsiplay@lemmy.ml · 17 days ago
Does that mean the bug bounty program will come back?
kibiz0r@midwest.social · 17 days ago
Perpetual loop of “bounty encourages bad reports”, “canceled bounty”, “bug reports improve”, “bounty comes back”, “bounty encourages bad reports”…
thingsiplay@lemmy.ml · 17 days ago
Bounty also encourages good reports. So your argumentation is that the bounty program is the reason why reports were bad lately? I don’t think that is the reason and bringing it back will not make it that much worse again.
ffhein@lemmy.world · 17 days ago
If they are getting valid findings with high quality reports from AI tools already, why would they do that?