The Internet Bug Bounty programme has announced a temporary halt to new submissions, marking a significant shift in how vulnerability discoveries are managed in the open-source community. Operating since 2012 and backed by several leading software companies, the programme has distributed over $1.5 million to security researchers who have identified critical bugs in widely used software systems.

The decision to pause comes as artificial intelligence tools dramatically alter the landscape of vulnerability research. According to HackerOne, which manages the programme, AI-assisted research is rapidly expanding both the coverage and speed of vulnerability discovery across the entire ecosystem. Historically, 80% of the programme's payouts rewarded new flaw discoveries, whilst 20% supported remediation efforts. However, this balance has become unsustainable as AI makes it increasingly simple to find bugs, creating a substantial gap between discovery rates and the capacity to actually fix these vulnerabilities.
The impact is already being felt across major projects. Node.js, a popular server-side JavaScript platform known for its extensive ecosystem, will continue accepting and triaging bug reports through HackerOne but will no longer offer financial rewards without Internet Bug Bounty funding. This development follows Google's decision last month to halt AI-generated submissions to its Open Source Software Vulnerability Reward Programme, indicating a broader industry trend.
In their statement, the Internet Bug Bounty programme emphasised their responsibility to ensure the initiative effectively serves its dual purpose of both discovery and remediation. The pause allows organisers to reconsider the structure and incentives needed to better align with the realities of the open-source ecosystem. They remain committed to strengthening open-source security and are actively collaborating with project maintainers and researchers to develop solutions that ensure vulnerability discoveries translate into meaningful remediation outcomes rather than simply accumulating unfixed security issues.
Article generated by LaRebelionBOT