The end of the #curl bug-bounty
https://daniel.haxx.se/blog/2026/01/26/the-end-of-the-curl-bug-bounty/
-
@bagder Talking about graphs, maybe one showing the payout per month/year might be nice?
"The bugbounty cash"
-
@poolitzer there's also this
-
Charging people money in an international context is complicated and a maintenance burden.
I think if it does come to this, you might consider requiring a small donation to a charity? This would dramatically reduce the hassle on all sides, and do something good as a bonus.
-
Charging people money in an international context is complicated and a maintenance burden.
I think if it does come to this, you might consider requiring a small donation to a charity? This would dramatically reduce the hassle on all sides, and do something good as a bonus.
@fre receiving money for vulnerability *reports* would not mean that we ship vulnerabilities though...
-
@fre receiving money for vulnerability *reports* would not mean that we ship vulnerabilities though...
@bagder of course not, but I guess someone could spin it like "they now have incentive to publish buggy code", right? Anyway, that wasn't the point of the post and I didn't want to insinuate any bad intentions, sorry. I'll remove that part.
-
@bagder Is the header image for the blogpost AI generated?
-
@bagder Is the header image for the blogpost AI generated?
@nini to illustrate the point of the blog post, I should probably just say: maybe, maybe not. =)
-
@ulveon no, the IBB did that
@bagder@mastodon.social Were you pressured to remove the payouts by them, or was it a decision you requested unilaterally due to slop reports?
-
@bagder@mastodon.social Were you pressured to remove the payouts by them, or was it a decision you requested unilaterally due to slop reports?
@ulveon I asked them to stop.
-
@bagder I feel that this onslaught of AI slop reports is a DoS attack that weakens the security.
-
@bagder I feel that this onslaught of AI slop reports is a DoS attack that weakens the security.
@ollej that is certainly a risk, yes
-
@poolitzer there's also this
@bagder should have looked that up first, ofc you had them ready :D
-
@nini to illustrate the point of the blog post, I should probably just say: maybe, maybe not. =)
@bagder I shall wink in your direction and touch my nose on the side in acceptance of this.
-
@bagder "not even one in twenty was real" is one of the most damning things I've ever heard about the state of BBPs. that's abysmal.
-
@bagder Sorry to hear the slop has ruined a good thing. Hopefully HackerOne learn from this and start taking stronger steps to curb this issue.
-
The bugbounty crash of 2025 in a single image (from the blog post)
-
@bagder Yea, GHSA drafts are decent, but I really wish I could disclose a report that has been declined. GitHub, please?
-
@bagder Not sure if intentional, but the article title from pressmind.org had all of its Polish UTF-8 characters replaced with "?"
-
@bagder Not sure if intentional, but the article title from pressmind.org had all of its Polish UTF-8 characters replaced with "?"
@Mae argh, I think that's just wordpress being annoying... 😕
-
@bagder Yea, GHSA drafts are decent, but I really wish I could disclose a report that has been declined. GitHub, please?
@seanmonstar @bagder Yep... I called for exactly this from platforms: https://sethmlarson.dev/slop-security-reports#what-platforms-can-do
Primarily so that maintainers can collaborate against this sort of behavior, but also to make bad actors known.