Comment on Death by a thousand slops
T156@lemmy.world 1 week agoIt was volume that was more the issue with the bug bounty program.
They were flooded, and recognising it is all well and good, but not if there’s no good way to filter it out.
They didn’t have the manpower to keep up.
TheBlackLounge@lemmy.zip 1 week ago
I encourage you to read some threads linked at the bottom of the article. The AI spammers have become way less obvious, one even has video. The team still checks every issue.
T156@lemmy.world 1 week ago
Right, but the volume was the issue. The cURL team could only work through and verify them so quickly, so the deluge of bug reports just made it impractical for them to dedicate time to sort through it for the Bug Bounty. The idea being that they got rid of the bug bounty, so there was less of an incentive to generate and write a bogus bug report.
TheBlackLounge@lemmy.zip 1 week ago
Uhu, and if it was still as obvious as in 2023 they could have made a filter by now… Which is why I called hindsight bias. But AI improved with being more convincing, that’s the actual problem, not volume. Imagine if AI actually got more correct, they would also have a higher volume of reports. Maybe not that much but ones they’d actually have to spend time to fix.