this post was submitted on 28 Feb 2026
47 points (92.7% liked)
Technology
82227 readers
4553 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Right, but the volume was the issue. The cURL team could only work through and verify them so quickly, so the deluge of bug reports just made it impractical for them to dedicate time to sort through it. The idea in getting rid of the bug bounty being that there would be less of an incentive to generate and write a bogus bug report.
If it was just a small handful of fake security reports, they wouldn't have minded nearly as much.
Uhu, and if it was still as obvious as in 2023 they could have made a filter by now... Which is why I called hindsight bias. But AI improved with being more convincing, that's the actual problem, not volume. Imagine if AI actually got more correct, they would also have a higher volume of reports. Maybe not that much but ones they'd actually have to spend time to fix.