The end of the #curl bug-bounty
https://daniel.haxx.se/blog/2026/01/26/the-end-of-the-curl-bug-bounty/
-
Charging people money in an International context is complicated and a maintenance burden.
I think if it does come to this, you might consider requiring a small donation to a charity? This would dramatically reduce the hassle on all sides, and do something good as a bonus.
@fre receiving money for vulnerability *reports* would not mean that we ship vulnerabilities though...
-
@fre receiving money for vulnerability *reports* would not mean that we ship vulnerabilities though...
@bagder of course not, but I guess someone could spin it like "they now have incentive to publish buggy code", right? Anyway, that wasn't the point of the post and I didn't want to insinuate any bad intentions, sorry. I'll remove that part.
-
@bagder Is the header image for the blogpost AI generated?
-
@bagder Is the header image for the blogpost AI generated?
@nini to illustrate the point of the blog post, I should probably just say: maybe, maybe not. =)
-
@ulveon no, the IBB did that
@bagder@mastodon.social Were you pressured to remove the payouts by them, or was it a decision you requested unilaterally due to slop reports?
-
@bagder@mastodon.social Were you pressured to remove the payouts by them, or was it a decision you requested unilaterally due to slop reports?
@ulveon I asked them to stop.
-
@bagder I feel that this onslaught of AI slop reports is a DoS attack that weakens the security.
-
@bagder I feel that this onslaught of AI slop reports is a DoS attack that weakens the security.
@ollej that is certainly a risk, yes
-
@poolitzer there's also this
@bagder should have looked that up first, ofc you had them ready :D
-
@nini to illustrate the point of the blog post, I should probably just say: maybe, maybe not. =)
@bagder I shall wink in your direction and touch my nose on the side in acceptance of this.
-
@bagder "not even one in twenty was real" is one of the most damning things I've ever heard about the state of BBPs. that's abysmal.
-
@bagder
sorry to hear the slop has ruined a good thing. hopefully HackerOne learn from this and start taking stronger steps to curb this issue.
-
The bugbounty crash of 2025 in a single image (from the blog post)
-
@bagder yea, GHSA drafts are decent, but I really wish I could disclose a report that has been declined. GitHub, please?
-
@bagder not sure if intentional but the article title from pressmind.org had all of its Polish UTF-8 characters replaced with "?"
-
@bagder not sure if intentional but the article title from pressmind.org had all of its Polish UTF-8 characters replaced with "?"
@Mae argh, I think that's just wordpress being annoying... 😕
-
@bagder yea, GHSA drafts are decent, but I really wish I could disclose a report that has been declined. GitHub, please?
@seanmonstar @bagder Yep... I called for exactly this from platforms: https://sethmlarson.dev/slop-security-reports#what-platforms-can-do
Primarily so that maintainers can collaborate against this sort of behavior, but also to make bad actors known.
-
@seanmonstar @bagder Yep... I called for exactly this from platforms: https://sethmlarson.dev/slop-security-reports#what-platforms-can-do
Primarily so that maintainers can collaborate against this sort of behavior, but also to make bad actors known.
@sethmlarson @seanmonstar I have a meeting with someone at GitHub in a few hours. I will bring this up!
-
@bagder a sad, but understandable decision
-
@bagder without reading the article I knew why 😔
Maybe submitting a report should cost something? The people that are confident about their findings would get the reward that easily pays for that. For the slop that's just too expensive.
Sounds weird but... maybe?