The Wonders of AI: We Are Retiring Our Bug Bounty Program
4 hours ago
- #testing
- #open-source
- #bug-bounty

- Turso is retiring its $1,000 bug bounty program for data corruption bugs due to an influx of low-quality, AI-generated submissions.
- The program was initially created to reward skilled contributors and improve testing, but now the financial incentive attracts too many 'slop' submissions that waste maintainer time.
- Turso uses extensive testing infrastructure, including a Deterministic Simulator, fuzzers, and differential testing against SQLite, to ensure high reliability.
- Only five individuals were awarded bounties, including core contributors who improved the simulator or used creative methods like LLMs and formal verification.
- The team tried a vouching system to filter bot submissions, but bots persisted by reopening issues, making the program unsustainable.
- Turso remains committed to its open-source community but will remove financial incentives to maintain openness and avoid being overwhelmed by automated submissions.