Overrun with AI slop, cURL scraps bug bounties to ensure "intact mental health"
3 months ago
- cURL, a popular open-source networking tool, is ending its vulnerability reward program due to an influx of low-quality, AI-generated reports.
- Daniel Stenberg, cURL's founder, cited the small team's inability to handle the volume of submissions and maintain mental health as reasons for the decision.
- Users expressed concerns that ending the program could harm the tool's security, but Stenberg emphasized the necessity of the move.
- cURL will ban and publicly ridicule those submitting poor-quality reports, with the program termination effective at the end of the month.
- Originally released 30 years ago, cURL is a critical tool for admins, researchers, and security professionals, integrated into Windows, macOS, and Linux.
- Security is crucial for cURL, given its widespread use, and the project previously relied on private bug reports and cash bounties for high-severity vulnerabilities.