Nextcloud has joined a growing list of projects, including Curl, that have ended their bug‑bounty partnerships with HackerOne due to an unmanageable surge of low‑effort, AI‑generated security reports. I received the following email: Hi ph00lt0, Nextcloud is sending you a message about their program on HackerOne. Hello, We are writing to you because you have previously reported vulnerabilities to Nextcloud via HackerOne. Like many other software projects, we have been receiving an increasi...

Nextcloud has joined a growing list of projects, including Curl, that have ended their bug‑bounty partnerships with HackerOne due to an unmanageable surge of low‑effort, AI‑generated security reports. I received the fol…

  • Hacksaw@lemmy.caEnglish
    21·
    6 hours ago

    You don’t find and report bugs because the open source project is the highest bidder… You report to contribute to the project. Miss me with that free market mindset!

    • mlg@lemmy.worldEnglish
      2·
      1 hour ago

      I didn’t mean for FOSS projects actually, I meant the bug bounties run by silicon valley giants lol.

      FOSS bug reports are down either out of love or spite lmao.