That's it. I've had it. I'm putting my foot down on this craziness.

1. Every reporter submitting security reports on #Hackerone for #curl now needs to answer this question: "Did you use an AI to find the problem or generate this submission?" (and if they do select it, they can expect a stream of proof-of-actual-intelligence follow-up questions)

2. We now ban every reporter INSTANTLY who submits reports we deem AI slop.

A threshold has been reached. We are effectively being DDoSed. If we could, we would charge them for this waste of our time. We still have not seen a single valid security report done with AI help.
Totally hear you, Daniel Stenberg. You're probably paying the highest price for AI slop; it hits maintainers like you the hardest. We've been digging into this problem with Madison Oliver under the lens of Open Source Security Economics within the OpenSSF. One idea we explored: what if researchers had to stake a small deposit on their submission, only paid out as part of their bounty if the report clears a basic signal threshold (the deposit is lost if the report is not even rated "Info" and is rejected)? It adds friction, but it also means researchers need to signal and stake their own confidence, which should filter DoS-like noise. Curious to hear your take: how would you see bug bounties being modernised for the age of AI?
How many of these are you seeing a month? And what was the reporting rate a couple years ago? Are these kids playing around, or is it a weaponized DDoS against security defect reporting and response, industry wide?
This sucks, but this is open source nowadays. And that's why we left open source for closed source.
You can monetize the reports :D
I think if you provide a simple course for those beginner hackers (I don't mean anything bad, I am a beginner also), it would be a nice idea that might help huge numbers of people and might keep you from getting bad reports 🥰. Also, if you make a review of the disclosed reports in your company on the YouTube channel and share your thoughts, it would be a nice idea and you will make the bugs submitted to you less unimpactful; I mean you will gain impactful reports, since they will understand what is considered an actual bug and what's not, and why this is a bug in your opinion and what's not. These are my thoughts.
Can human-checked AI slop be sold as AI training data?
Insightful, thank you Daniel
curl CEO. Code Emitting Organism
This is the latest one that really pushed me over the limit: https://hackerone.com/reports/3125832