The project developer for one of the Internet’s most popular networking tools is scrapping its vulnerability reward program after being overrun by a spike in the submission of low-quality reports, much of it AI-generated slop.
“We are just a small single open source project with a small number of active maintainers,” Daniel Stenberg, the founder and lead developer of the open source app cURL, said Thursday. “It is not in our power to change how all these people and their slop machines work. We need to make moves to ensure our survival and intact mental health.”
Seems like this became a big problem for open source maintainers. Not just people submitting AI generated wrong bug reports but also then answering back with LLM too. So whereas it might take a maintainer 5 mins to read a reply and come up with a response, it takes the submitter about couple seconds. Going for a few cycles, take about half 10-20 mins per report from your volunteering time. They really eat up people’s bandwith. And spotting such bug reports just from the language alone will likely become harder and harder.