Overrun with AI slop, cURL scraps bug bounties to ensure “intact mental health”




The project developer for one of the Web’s most popular networking tools is scrapping its vulnerability reward program after being overrun by a spike in the submission of low-quality reports, much of it AI-generated slop.

“We are only a small single open source project with a small variety of energetic maintainers,” Daniel Stenberg, the founder and lead developer of the open source app cURL, said Thursday. “It will not be in our power to alter how all these people and their slop machines work. We want to make moves to ensure our survival and intact mental health.”

Manufacturing bogus bugs

His comments came as cURL users complained that the move was treating the symptoms caused by AI slop without addressing the cause. The users said they were concerned the move would eliminate a key means for ensuring and maintaining the security of the tool. Stenberg largely agreed, but indicated his team had little choice.

In a separate post on Thursday, Stenberg wrote: “We are going to ban you and mock you in public in case you waste our time on crap reports.” An update to cURL’s official GitHub account made the termination, which takes effect at the end of this month, official.

cURL was first released three decades ago, under the name httpget and later urlget. It has since become an indispensable tool among admins, researchers, and security professionals, among others, for a wide variety of tasks, including file transfers, troubleshooting buggy web software, and automating tasks. cURL is integrated into default versions of Windows, macOS, and most distributions of Linux.

For such a widely used tool for interacting with vast amounts of information online, security is paramount. Like many other software makers, cURL project members have relied on private bug reports submitted by outside researchers. To provide an incentive and to reward high-quality submissions, the project members have paid cash bounties in return for reports of high-severity vulnerabilities.


