Nextcloud has joined a growing list of projects, including Curl, that have ended their bug‑bounty partnerships with HackerOne due to an unmanageable surge of low‑effort, AI‑generated security reports. I received the following email: Hi ph00lt0, Nextcloud is sending you a message about their program on HackerOne. Hello, We are writing to you because you have previously reported vulnerabilities to Nextcloud via HackerOne. Like many other software projects, we have been receiving an increasi...

Nextcloud has joined a growing list of projects, including Curl, that have ended their bug‑bounty partnerships with HackerOne due to an unmanageable surge of low‑effort, AI‑generated security reports. I received the fol…

  • vividspecter@aussie.zoneEnglish
    10·
    12 hours ago

    Hopefully forgejo will have federation released soon which will make interacting across projects easier. Although maybe that will just encourage the bots to use it, so can’t win really.

    • WhyJiffie@sh.itjust.worksEnglish
      4·
      6 hours ago

      I think there can be a difference. github encourages this behavior, even provides the tools for it. but if the forgejo community stands strongly against it from the beginning (users reporting true slop, moderators deleting and banning them, admins defederating from intentional slop sources), then maybe that kind will stay away from the platform