161

Overrun with AI slop, cURL scraps bug bounties to ensure "intact mental health" (arstechnica.com)

submitted 2 weeks ago by cm0002@libretechni.ca to c/opensource@programming.dev

7 comments fedilink hide all child comments

The project developer for one of the Internet’s most popular networking tools is scrapping its vulnerability reward program after being overrun by a spike in the submission of low-quality reports, much of it AI-generated slop.

“We are just a small single open source project with a small number of active maintainers,” Daniel Stenberg, the founder and lead developer of the open source app cURL, said Thursday. “It is not in our power to change how all these people and their slop machines work. We need to make moves to ensure our survival and intact mental health.”

you are viewing a single comment's thread
view the rest of the comments

[-] Kissaki@programming.dev 7 points 2 weeks ago* (last edited 2 weeks ago)

relevant, from a PR comment

On Monday January 26, 2026, I intend to merge this pull-request and post an explainer blog post detailing some further reasoning and details behind this move. The change, the end of the bounty, is officially set for January 31 but I am certain it will take some days to "take effect" and by merging the update a few days early I don't think we actually hurt anyone.

this post was submitted on 23 Jan 2026

161 points (97.1% liked)

Opensource

5490 readers

174 users here now

A community for discussion about open source software! Ask questions, share knowledge, share news, or post interesting stuff related to it!

Credits

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

⠀

founded 2 years ago

MODERATORS

pylapp@programming.dev