This is not working. The number of #hackerone report submissions for #curl in 2025 is going through the roof, while the quality is going through the floor.
And the year isn't over yet.
@bagder similar experience on yeswehack. To be fair the platform owners are trying really hard to put a stop to it, but it's like trying to stop a tsunami with a portable umbrella. I'm beginning to think these platforms need to start charging a deposit for any submitted report...
@bagder in a few months time (yes new year's prediction) the industry will have a financial correction of indeterminate size ... after that it will be easier to reason with folks. As with any tech surge, there are a few things that are useful and a lot of speculation ... the scale (and speed) of all this is daunting mostly due to uncontrolled outcomes. Calm heads prevail.
@bagder Alas, I see the same on those security contact aliases I'm still on.
The highlight of the week was someone sending a several pages long report on an "exposed" Grafana instance, with API traces, screenshots, etc pp. Oh no, confidential data leakage! Asked for a bounty and urged to turn off anonymous access.
Yes, my bro, that is the *public* telemetry dashboard.
There's zero amount of thinking happening before they send those out. Asymmetric warfare.
@bagder jfc what a mess
@bagder so sad to see this 😞 !
Maddening.
And there is probably more than the "identified slop", as the growth is much higher than that?
@oschonrock yes, most likely
„The only winning move is not to play.“ ~ Wargames
@bagder Even if you subtract the 35 likely slop submissions the trend stays the same, though. So, is the slop count an underestimation, or are there different root causes?
@neverpanic it's very hard to assess what is slop. I suspect a large amount of people get tricked by AIs but submit the report "in a human way" so that the AI's involvement is invisible. But that's just one theory.