MastodonTech.de

nemo™ 🇺🇦curl’s security team is drowning in low-quality “AI slop” reports—now 20% of all submissions, but only 5% are real bugs. The bug bounty program may need big changes to survive this onslaught. Read more on “Death by a thousand slops”: <a href="https://daniel.haxx.se/blog/2025/07/14/death-by-a-thousand-slops/" rel="nofollow noopener" translate="no" target="_blank">https://daniel.haxx.se/blog/2025/07/14/death-by-a-thousand-slops/</a> 🐞🤖 <a href="https://mas.to/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://mas.to/tags/bugbounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#bugbounty</a> <a href="https://mas.to/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#opensource</a> <a href="https://mas.to/tags/newz" class="mention hashtag" rel="nofollow noopener" target="_blank">#newz</a>

𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕»Wegen KI-Schrott – Curl-Entwickler erwägt Ende der Bug-Bounty-Prämien: Minderwertige Bug-Reports belasten Open-Source-Entwickler immer stärker. Curl-Maintainer <a href="https://mastodon.social/@bagder" class="u-url mention" rel="nofollow noopener" target="_blank">@bagder</a> zieht nun radikale Maßnahmen in Erwägung.«Lasst mich raten, IT-Konzerne belasten Developer von Werkzeugen, die sie Täglich selber nutzen. Was ist daran intelligent oder gar künstlerisch? /s🤨 <a href="https://www.golem.de/news/wegen-ki-schrott-curl-entwickler-erwaegt-ende-der-bug-bounty-praemien-2507-198123.html" rel="nofollow noopener" translate="no" target="_blank">https://www.golem.de/news/wegen-ki-schrott-curl-entwickler-erwaegt-ende-der-bug-bounty-praemien-2507-198123.html</a><a href="https://chaos.social/tags/curl" class="mention hashtag" rel="nofollow noopener" target="_blank">#curl</a> <a href="https://chaos.social/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#opensource</a> <a href="https://chaos.social/tags/web" class="mention hashtag" rel="nofollow noopener" target="_blank">#web</a> <a href="https://chaos.social/tags/internet" class="mention hashtag" rel="nofollow noopener" target="_blank">#internet</a> <a href="https://chaos.social/tags/ai" class="mention hashtag" rel="nofollow noopener" target="_blank">#ai</a> <a href="https://chaos.social/tags/ki" class="mention hashtag" rel="nofollow noopener" target="_blank">#ki</a> <a href="https://chaos.social/tags/belastung" class="mention hashtag" rel="nofollow noopener" target="_blank">#belastung</a> <a href="https://chaos.social/tags/entwickler" class="mention hashtag" rel="nofollow noopener" target="_blank">#entwickler</a> <a href="https://chaos.social/tags/kischrott" class="mention hashtag" rel="nofollow noopener" target="_blank">#kischrott</a> <a href="https://chaos.social/tags/bugbounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#bugbounty</a>

Marcel Waldvogel9️⃣ KI-generierte Meldungen von angeblichen Sicherheitslücken waren schon Thema bei <a href="https://waldvogel.family/tags/DNIP" class="mention hashtag" rel="nofollow noopener" target="_blank">#DNIP</a>. Dort gab es aber wenigstens noch die Erklärung, dass die angeblichen Jäger von Sicherheitslücken auf die Belohnung aus waren, den sogenannten <a href="https://waldvogel.family/tags/BugBounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#BugBounty</a>. Nun melden aber auch andere Open-Source-Entwickler, dass sie unzählige Fehlermeldungen erhalten, die keinen Realitätsbezug haben. Offen bleibt, wieso hier KI aufs automatische Melden von Fehlern angesetzt wird.<a href="https://dnip.ch/2025/07/15/dnip-briefing-33-mcpasswort-mit-sicherheitsluecke/#Und-schliesslich" rel="nofollow noopener" translate="no" target="_blank">https://dnip.ch/2025/07/15/dnip-briefing-33-mcpasswort-mit-sicherheitsluecke/#Und-schliesslich</a>

daniel:// stenberg://Death by a thousand slops<a href="https://daniel.haxx.se/blog/2025/07/14/death-by-a-thousand-slops/" rel="nofollow noopener" translate="no" target="_blank">https://daniel.haxx.se/blog/2025/07/14/death-by-a-thousand-slops/</a><a href="https://mastodon.social/tags/curl" class="mention hashtag" rel="nofollow noopener" target="_blank">#curl</a> <a href="https://mastodon.social/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#AI</a> <a href="https://mastodon.social/tags/bugbounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#bugbounty</a>

Socket🚨 New open source AI <a href="https://fosstodon.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> framework outperforms humans in both speed and cost. It handles pen testing tasks like scanning and exploitation 3,600× faster and reduces costs by 156×. <a href="https://socket.dev/blog/open-source-framework-pen-testing-3600x-faster" rel="nofollow noopener" translate="no" target="_blank">https://socket.dev/blog/open-source-framework-pen-testing-3600x-faster</a> <a href="https://fosstodon.org/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#AI</a> <a href="https://fosstodon.org/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#opensource</a> <a href="https://fosstodon.org/tags/bugbounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#bugbounty</a>

Baklava MonsterCurrently playing a new game: «Prompt Jeopardy»Submit a <a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#bugbounty</a> report, the triage team must guess the prompt.«i found a netscaler AAA on shodan, generate a bug bounty report for CVE-2025-5777»I swear the results are as close as the submissions we receive 😭

Anonymous 🐈️🐾☕🍵🏴🇵🇸 :af:Automate Your Recon: One API to Run All Your Pentesting Tools Instantly <a href="https://infosecwriteups.com/automate-your-recon-one-api-to-run-all-your-pentesting-tools-instantly-e1502862c2c7?source=rss------bug_bounty-5" rel="nofollow noopener" translate="no" target="_blank">https://infosecwriteups.com/automate-your-recon-one-api-to-run-all-your-pentesting-tools-instantly-e1502862c2c7?source=rss------bug_bounty-5</a><a href="https://kolektiva.social/tags/bugbounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#bugbounty</a> <a href="https://kolektiva.social/tags/bugbountytips" class="mention hashtag" rel="nofollow noopener" target="_blank">#bugbountytips</a> <a href="https://kolektiva.social/tags/bugbountytip" class="mention hashtag" rel="nofollow noopener" target="_blank">#bugbountytip</a>

geeknikSupport ethical AI sabotage and open-source resistance. I build Gödel’s Therapy Room to expose LLM failure modes, develop browser tools to kill trackers, and train cognitive adversaries to detect bullshit. Buy me a coffee and join the quantum rebellion. ☕ <a href="https://www.buymeacoffee.com/geeknik" rel="nofollow noopener" translate="no" target="_blank">https://www.buymeacoffee.com/geeknik</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/AIethics" class="mention hashtag" rel="nofollow noopener" target="_blank">#AIethics</a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#opensource</a> <a href="https://infosec.exchange/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a> <a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#bugbounty</a>

Phillip WylieAfter 18 years my @YouTube channel is on the brink of a milestone. This is not a big deal for most, but sharing and helping others has been a big focus for me the past 7 years. Growing my channel helps with that mission. Please subscribe. <a href="https://youtube.com/@phillipwylie" rel="nofollow noopener" translate="no" target="_blank">https://youtube.com/@phillipwylie</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#BugBounty</a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentesting</a> <a href="https://infosec.exchange/tags/offensivesecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#offensivesecurity</a>

Konstantin :C_H:CVE Crowd's Top 3 Vulnerabilities from June!These stood out among the 528 CVEs actively discussed across the Fediverse.For each CVE, I’ve included a standout post from the community.Enjoy exploring! 👇<a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pentesting</a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppSec</a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#BugBounty</a> <a href="https://infosec.exchange/tags/Hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#Hacking</a> <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE</a> <a href="https://infosec.exchange/tags/CVECrowd" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVECrowd</a>

ITSEC NewsThe AI Fix #57: AI is the best hacker in the USA, and self-learning AI - In episode 57 of The AI Fix, our hosts discover an AI “dream recorder”, Mark Zuckerberg t... <a href="https://grahamcluley.com/the-ai-fix-57/" rel="nofollow noopener" translate="no" target="_blank">https://grahamcluley.com/the-ai-fix-57/</a> <a href="https://schleuss.online/tags/artificialintelligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#artificialintelligence</a> <a href="https://schleuss.online/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#vulnerability</a> <a href="https://schleuss.online/tags/bugbounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#bugbounty</a> <a href="https://schleuss.online/tags/theaifix" class="mention hashtag" rel="nofollow noopener" target="_blank">#theaifix</a> <a href="https://schleuss.online/tags/chatgpt" class="mention hashtag" rel="nofollow noopener" target="_blank">#chatgpt</a> <a href="https://schleuss.online/tags/podcast" class="mention hashtag" rel="nofollow noopener" target="_blank">#podcast</a> <a href="https://schleuss.online/tags/openai" class="mention hashtag" rel="nofollow noopener" target="_blank">#openai</a> <a href="https://schleuss.online/tags/ai" class="mention hashtag" rel="nofollow noopener" target="_blank">#ai</a>

Konstantin :C_H:I recently ran into an interesting discrepancy:What you see below are 120-bit Session IDs, one printed as hex and one in the format of a <a href="https://infosec.exchange/tags/UUIDv4" class="mention hashtag" rel="nofollow noopener" target="_blank">#UUIDv4</a>.After validating their randomness, I would classify the first as secure but raise concerns about the second.Why?Well, according to RFC 4122:"Do not assume that UUIDs are hard to guess; they should not be used as security capabilities (identifiers whose mere possession grants access), for example."And that's exactly what a session ID is: an identifier whose possession grants access. As such, UUIDs should not be used in such a case.What do you think? Is this nitpicking? Or a valid security nuance?Does the format in which data is displayed have an impact on its security?I'd love to hear your thoughts.<a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pentesting</a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppSec</a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#BugBounty</a> <a href="https://infosec.exchange/tags/Hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#Hacking</a>

AircorridorMaster Katana Web CrawlerNext-gen spidering tool handles JavaScript & modern web apps! Discover hidden endpoints, crawl SPAs, execute JS & find vulnerabilities traditional tools miss. <a href="https://hackers-arise.com/web-app-hacking-katana-a-next-generation-crawling-and-spidering-framework/" rel="nofollow noopener" translate="no" target="_blank">https://hackers-arise.com/web-app-hacking-katana-a-next-generation-crawling-and-spidering-framework/</a> <a href="https://infosec.exchange/tags/web" class="mention hashtag" rel="nofollow noopener" target="_blank">#web</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#hacking</a> <a href="https://infosec.exchange/tags/katana" class="mention hashtag" rel="nofollow noopener" target="_blank">#katana</a> <a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#bugbounty</a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#vulnerability</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/technology" class="mention hashtag" rel="nofollow noopener" target="_blank">#technology</a>

LauritzThank you very much to everyone who made the event possible! ❤️Congrats to c1phy (<a href="https://hackerone.com/c1phy" rel="nofollow noopener" translate="no" target="_blank">https://hackerone.com/c1phy</a>) for securing the well-deserved 1st place. 🥇Join your local h1.community chapter to not miss opportunities like this!<a href="https://h1.community/chapters/" rel="nofollow noopener" translate="no" target="_blank">https://h1.community/chapters/</a>Leaderboard: <a href="https://leaderboards.hackerone.live/germany-meetup-june-2025" rel="nofollow noopener" translate="no" target="_blank">https://leaderboards.hackerone.live/germany-meetup-june-2025</a><a href="https://ruhr.social/tags/BugBounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#BugBounty</a> <a href="https://ruhr.social/tags/Meetup" class="mention hashtag" rel="nofollow noopener" target="_blank">#Meetup</a> <a href="https://ruhr.social/tags/HackerOne" class="mention hashtag" rel="nofollow noopener" target="_blank">#HackerOne</a>

Wen Bin :verified:If you've ever wanted your own VPN server for privacy, bug bounty testing, or to change your IP address without relying on overpriced services - I've got a tutorial for you.In this beginner-friendly walkthrough, I show how to: 🔐 Set up WireGuard on a DigitalOcean VPS 🛠️ Configuration file for both server and client 📶 Enable IP forwarding and firewall on the server 📲 Connect from macOS using a config file or from phone using QR codeThe result? A fast, secure, self-hosted VPN — and full control over your traffic.🎥 Watch here: <a href="https://www.youtube.com/watch?v=p2a7wdvtnwg" rel="nofollow noopener" translate="no" target="_blank">https://www.youtube.com/watch?v=p2a7wdvtnwg</a>Would love to hear if you've used WireGuard before - or what tools you prefer!<a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/WireGuard" class="mention hashtag" rel="nofollow noopener" target="_blank">#WireGuard</a> <a href="https://infosec.exchange/tags/VPN" class="mention hashtag" rel="nofollow noopener" target="_blank">#VPN</a> <a href="https://infosec.exchange/tags/EthicalHacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#EthicalHacking</a> <a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#BugBounty</a> <a href="https://infosec.exchange/tags/DigitalPrivacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#DigitalPrivacy</a> <a href="https://infosec.exchange/tags/VPS" class="mention hashtag" rel="nofollow noopener" target="_blank">#VPS</a> <a href="https://infosec.exchange/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://infosec.exchange/tags/Networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#Networking</a> <a href="https://infosec.exchange/tags/BeginnerTutorial" class="mention hashtag" rel="nofollow noopener" target="_blank">#BeginnerTutorial</a> <a href="https://infosec.exchange/tags/DigitalOcean" class="mention hashtag" rel="nofollow noopener" target="_blank">#DigitalOcean</a>

Starbeamrainbowlabs<a href="https://social.wildeboer.net/@jwildeboer" class="u-url mention" rel="nofollow noopener" target="_blank">@jwildeboer</a> As someone who is also struggling with burnout for unrelated reasons but is also an open source maintainer, I do suggest that the current situation is not fair or equitable.If we were talking about a commercial product there then it would be a different story, but we're talking about open source.Software that people have written for free and out of love with zero contract to update.It has been my experience that open source is just as much about people involved as it is about the software itself, and mental health is an important issue here.I can't that I have the answers, but I can say that I have been on the receiving end of a few bug bounty requests in the manner described here and it was a thoroughly unpleasant experience - especially as the reporting party completely ignored my guidelines for reporting them and refused to even attempt a fix....<a href="https://fediscience.org/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSource</a> <a href="https://fediscience.org/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#Security</a> <a href="https://fediscience.org/tags/BugBounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#BugBounty</a> <a href="https://fediscience.org/tags/Equity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Equity</a> <a href="https://fediscience.org/tags/MentalHealth" class="mention hashtag" rel="nofollow noopener" target="_blank">#MentalHealth</a> <a href="https://fediscience.org/tags/MentalHealthInOpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#MentalHealthInOpenSource</a>

Alameen KarimMerali :verified:<a href="https://github.com/brotheralameen1/Discordforschool/security/advisories/GHSA-63xr-98vc-whx5" rel="nofollow noopener" translate="no" target="_blank">https://github.com/brotheralameen1/Discordforschool/security/advisories/GHSA-63xr-98vc-whx5</a>Published Security Advisory for OneTrust SDK V6.33.0 Vulnerable to Prototype Pollution causing DoS in the system by editing Prototype Value. Currently, submitted this to MITRE CVE to request publication of my CVE to the National Vulnerability Database and awaiting their response. You can click the link above to learn more about the exploit.<a href="https://ioc.exchange/tags/exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#exploit</a> <a href="https://ioc.exchange/tags/javascript" class="mention hashtag" rel="nofollow noopener" target="_blank">#javascript</a> <a href="https://ioc.exchange/tags/prototype" class="mention hashtag" rel="nofollow noopener" target="_blank">#prototype</a> <a href="https://ioc.exchange/tags/pollution" class="mention hashtag" rel="nofollow noopener" target="_blank">#pollution</a> <a href="https://ioc.exchange/tags/ethical" class="mention hashtag" rel="nofollow noopener" target="_blank">#ethical</a> <a href="https://ioc.exchange/tags/ethicalhacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#ethicalhacking</a> <a href="https://ioc.exchange/tags/penetration" class="mention hashtag" rel="nofollow noopener" target="_blank">#penetration</a> <a href="https://ioc.exchange/tags/testing" class="mention hashtag" rel="nofollow noopener" target="_blank">#testing</a> <a href="https://ioc.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://ioc.exchange/tags/informationsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#informationsecurity</a> <a href="https://ioc.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://ioc.exchange/tags/cybersec" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersec</a> <a href="https://ioc.exchange/tags/bughunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#bughunting</a> <a href="https://ioc.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#bugbounty</a> <a href="https://ioc.exchange/tags/bugbountyhunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#bugbountyhunting</a> <a href="https://ioc.exchange/tags/bughunter" class="mention hashtag" rel="nofollow noopener" target="_blank">#bughunter</a> <a href="https://ioc.exchange/tags/webapplication" class="mention hashtag" rel="nofollow noopener" target="_blank">#webapplication</a> <a href="https://ioc.exchange/tags/webapplicationsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#webapplicationsecurity</a> <a href="https://ioc.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a>

Nawaf AllohaibiA researcher discovered a vulnerability that exposed phone numbers linked to Google accounts, which has since been fixed. Google awarded the researcher $5,000 for the discovery. <a href="https://mastodon.social/tags/VulnerabilityDiscovery" class="mention hashtag" rel="nofollow noopener" target="_blank">#VulnerabilityDiscovery</a>, <a href="https://mastodon.social/tags/GoogleSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#GoogleSecurity</a>, <a href="https://mastodon.social/tags/BugBounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#BugBounty</a>, <a href="https://mastodon.social/tags/DataPrivacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#DataPrivacy</a>, <a href="https://mastodon.social/tags/TechNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#TechNews</a>, <a href="https://mastodon.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a>, <a href="https://mastodon.social/tags/ResearcherReward" class="mention hashtag" rel="nofollow noopener" target="_blank">#ResearcherReward</a>, <a href="https://mastodon.social/tags/GoogleAccounts" class="mention hashtag" rel="nofollow noopener" target="_blank">#GoogleAccounts</a>, <a href="https://mastodon.social/tags/SecurityPatch" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecurityPatch</a>, <a href="https://mastodon.social/tags/EthicalHacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#EthicalHacking</a>

Alexandre DulaunoySomething that’s been bothering me for years in the security world: why do researchers demand bug bounties for vulnerabilities in open source projects, when the very contributors maintaining and fixing those issues get nothing, just goodwill?It feels deeply unfair. The burden falls on unpaid maintainers, yet bounty hunters get rewarded. If you want a paid bounty, maybe help fund the people who actually fix the mess too.<a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#opensource</a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#bugbounty</a>

Baklava MonsterOut of arguments during a <a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#bugbounty</a> payout dispute? ChatGPT is your friend!➡️ hallucinate convincing circumstances➡️ exagerate an irrelevant threat model➡️ claim "industry best practice" without a source(the last point was generated by an LLM)

Frühere Suchanfragen

Suchoptionen

Verwaltet von:

Serverstatistik:

#bugbounty