curl Takes Action Against AI Bug Reports
Stenberg said the amount of time it takes project maintainers to triage each AI-assisted vulnerability report made via HackerOne, only for them to be deemed invalid, is tantamount to a DDoS attack on the project.
Citing a specific recent report that “pushed [him] over the limit,” Stenberg said via LinkedIn: “That’s it. I’ve had it. I’m putting my foot down on this craziness.”
From now on, every HackerOne report claiming to have found a bug in curl, a command-line tool and library for transferring data with URLs, must disclose whether AI was used to generate the submission.
If selected, the bug reporter can expect a barrage of follow-up questions demanding a stream of proof that the bug is genuine before the curl team spends time on verifying it.
Daniel Stenberg (Hacker News):
We still have not seen a single valid security report done with AI help.
This week a user reported a problem. He tried to "help" by adding AI information. For another problem a developer tried to solve a problem I had with AI. Both didn't do anything helpful. I was not amused.