cURL has axed its bug bounty program.
itsfoss.com/news/curl-closes-b…
#opensource #curl #programming
Daniel Stenberg says the inflow of AI slop has become unsustainable for the curl security team to handle.Sourav Rudra (It's FOSS)
Some of the emails I get are truly sad reflections of the complicated and rather sorry state of things we are in. Like this.
(also, apparently #curl is used in another popular game)
"Rainbow 6 Siege Activation issue"
"Buffer Overflow Vulnerability in WebSocket Handling".
A bot? An AI? Just a silly reporter? Another fine waste of #curl maintainer time.
## Summary: Hello security team, Hope you are doing well :) I would like to report a potential security vulnerability in the WebSocket handling code of the curl library. The issue is related to...HackerOne
We disclosed this #hackerone report against #curl when someone asked Bard to find a vulnerability, and it hallucinated together something:
## Summary: Curl CVE-2023-38545 vulnerability code changes are disclosed on the internet ## Steps To Reproduce: To replicate the issue, I have searched in the Bard about this vulnerability. It...HackerOne
Next week on Aug 31 I will do my super long #curl class: "Mastering the curl command line" live on Twitch, also recorded for later watching.
Expect 2.5 hours or so of non-stop #curl command line talk. By me.
