Overrun with AI slop, cURL scraps bug bounties to make sure “intact psychological well being”

The mission developer for one of many Web’s hottest networking instruments is scrapping its vulnerability reward program after being overrun by a spike within the submission of low-quality stories, a lot of it AI-generated slop.

“We’re only a small single open supply mission with a small variety of energetic maintainers,” Daniel Stenberg, the founder and lead developer of the open supply app cURL, mentioned Thursday. “It’s not in our energy to alter how all these individuals and their slop machines work. We have to make strikes to make sure our survival and intact psychological well being.”

Manufacturing bogus bugs

His feedback got here as cURL customers complained that the transfer was treating the signs attributable to AI slop with out addressing the trigger. The customers mentioned they have been involved the transfer would eradicate a key means for making certain and sustaining the safety of the instrument. Stenberg largely agreed, however indicated his group had little alternative.

In a separate publish on Thursday, Stenberg wrote: “We are going to ban you and mock you in public if you happen to waste our time on crap stories.” An replace to cURL’s official GitHub account made the termination, which takes impact on the finish of this month, official.

cURL was first launched three many years in the past, beneath the identify httpget and later urlget. It has since grow to be an indispensable instrument amongst admins, researchers, and safety professionals, amongst others, for a variety of duties, together with file transfers, troubleshooting buggy internet software program, and automating duties. cURL is built-in into default variations of Home windows, macOS, and most distributions of Linux.

As such a broadly used instrument for interacting with huge quantities of knowledge on-line, safety is paramount. Like many different software program makers, cURL mission members have relied on personal bug stories submitted by exterior researchers. To supply an incentive and to reward high-quality submissions, the mission members have paid money bounties in return for stories of high-severity vulnerabilities.