Why did cURL end its vulnerability reward program?

cURL ended its reward program due to an overwhelming flood of low-quality, AI-generated bug reports that were wasting maintainer time.

What is Daniel Stenberg's role in cURL?

Daniel Stenberg is the founder and lead developer of the open-source cURL project.

Is AI-generated spam affecting other software projects?

Yes, cURL's developer stated that AI slop is already overwhelming maintainers in many open-source projects and is expected to spread.

Home / Technology / cURL Scraps Bug Bounty Amid AI Slop Flood

cURL Scraps Bug Bounty Amid AI Slop Flood

23 Jan

•

Summary

cURL's bug bounty program ends due to excessive AI-generated reports.
Developer Daniel Stenberg cited mental health and project survival.
AI slop is overwhelming open source projects, not just cURL.

cURL Scraps Bug Bounty Amid AI Slop Flood

The cURL project, a foundational tool for internet data transfer, is ending its vulnerability reward program. This decision, effective at the end of the month, stems from a significant increase in low-quality, AI-generated bug reports. Lead developer Daniel Stenberg emphasized the necessity of this action for the project's sustainability and the maintainers' well-being.

Stenberg noted that while AI can be a useful tool for bug discovery, many submissions are now from users simply prompting AI bots without understanding the output. This "AI slop" is overwhelming the small team. Previously, cURL has praised AI-assisted findings, but the current trend of bogus reports has forced a halt to its bounty program.

Disclaimer: This story has been auto-aggregated and auto-summarised by a computer program. This story has not been edited or created by the Feedzop team.