Curl Project Founder Snaps over Deluge of Time-Sucking AI Slop Bug Reports

Fnord666 writes:

Curl project founder snaps over deluge of time-sucking AI slop bug reports

Curl project founder Daniel Stenberg is fed up with of the deluge of AI-generated "slop" bug reports and recently introduced a checkbox to screen low-effort submissions that are draining maintainers' time.

Stenberg said the amount of time it takes project maintainers to triage each AI-assisted vulnerability report made via HackerOne, only for them to be deemed invalid, is tantamount to a DDoS attack on the project.

[...] Citing a specific recent report that "pushed [him] over the limit," Stenberg said via LinkedIn: "That's it. I've had it. I'm putting my foot down on this craziness."

[...] Generative AI tools have allowed low-skilled individuals with an awareness of bug bounty programs to quickly file reports based on AI-generated content in the hope they can cash in on the rewards they offer.

[...] It was pitched as "a novel exploit leveraging stream dependency cycles in the HTTP/3 protocol stack was discovered, resulting in memory corruption and potential denial-of-service or remote code execution scenarios."

Ultimately, though, it was found to refer to nonexistent functions.

Original Submission

Read more of this story at SoylentNews.