daniel:// stenberg://

1 day ago

daniel:// stenberg://
1 day ago

github.com/curl/curl/pull/2031…

There, now you know.

BUG-BOUNTY.md: we stop the bug-bounty end of Jan 2026 by bagder · Pull Request #20312 · curl/curl

Remove mentions of the bounty and hackerone.

^GitHub

in reply to daniel:// stenberg://

greem (Graeme, not Graham)

in reply to daniel:// stenberg:// 1 day ago

Good decision.

I don't think it will stop the slop though 😔

in reply to greem (Graeme, not Graham)

daniel:// stenberg://

in reply to greem (Graeme, not Graham) 1 day ago

nothing can stop it, but we can hopefully slow it down by removing a strong incentive

in reply to daniel:// stenberg://

greem (Graeme, not Graham)

in reply to daniel:// stenberg:// 1 day ago

Fingers crossed. You need the break!

in reply to daniel:// stenberg://

Benjamin Balder Bach

in reply to daniel:// stenberg:// 1 day ago

thanks for curl! ❤️

did the "bad faith" genre grow with the introduction of AI?

in reply to Benjamin Balder Bach

daniel:// stenberg://

in reply to Benjamin Balder Bach 1 day ago

yes

in reply to daniel:// stenberg://

Gato Negro

in reply to daniel:// stenberg:// 1 day ago

Wise decision.

in reply to daniel:// stenberg://

Ingvar

in reply to daniel:// stenberg:// 1 day ago

I understand why it needed to be done, but I am saddened that there were enough naive (bad?) actors slopmitting AI slop to the point that the bounties via HackerOne ended up unusuable.

in reply to daniel:// stenberg://

Ben Tasker

in reply to daniel:// stenberg:// 1 day ago

Sad that it's come to this, but also an entirely understandable decision.

in reply to daniel:// stenberg://

Tom Walker

in reply to daniel:// stenberg:// 1 day ago

Canary in the coalmine – the whole apparatus of formal bug-bounty programs is surely doomed since it is an incentive to spam and the effort bar to produce plausible spam has been lowered so much

in reply to daniel:// stenberg://

flaxo

in reply to daniel:// stenberg:// 1 day ago

people misconceive big and important with wealthy... somehow the concept of what drives open source is just not understood by the simple minded moneyhunters... :(

in reply to daniel:// stenberg://

Josh Bressers

in reply to daniel:// stenberg:// 1 day ago

tHe OnLy wAy tO sToP bAd aI iS wItH g00d aIzzzz!!!!!!

in reply to daniel:// stenberg://

x41h

in reply to daniel:// stenberg:// 1 day ago

and knowing is half the battle. GIJOE!

Sorry couldn't help myself.

in reply to daniel:// stenberg://

Jordi Boggiano

in reply to daniel:// stenberg:// 12 hours ago

I totally understand the move. When running web apps with bounties this has been an issue even before AI as there are so many things of little to no value one can report.

Anyway just saw you'll be at FOSDEM, looking forward to see you rant about sloppy security reporters in person ;)

in reply to daniel:// stenberg://

not Evander Sinque

in reply to daniel:// stenberg:// 4 hours ago

the AI talk at #EuroBSDcon was hilarious, though. But I'm sure you'll always have something to talk about. Hope, this will calm BS submissions down a bit.

#eurobsdcon

⇧

daniel:// stenberg:// 1 day ago • •

daniel:// stenberg://
1 day ago