daniel:// stenberg://Jan 26

The end of the #curl bug-bounty

https://daniel.haxx.se/blog/2026/01/26/the-end-of-the-curl-bug-bounty/

The end of the curl bug-bounty

tldr: an attempt to reduce the terror reporting. There is no longer a curl bug-bounty program. It officially stops on January 31, 2026. After having had a few half-baked previous takes, in April 2019 we kicked off the first real curl bug-bounty with the help of Hackerone, and while it stumbled a bit at first … Continue reading The end of the curl bug-bounty →

daniel.haxx.se
Show threadTorsten CurdtJan 26

@bagder without reading the article I knew why 😔

Maybe submitting a repot should cost something? The people that are confident about their findings would get the reward that easily pays for that. For the slop that's just too expensive.

Sounds weird but... maybe?

Show threaddaniel:// stenberg://
@tcurdt so when you read the post you can read my answer to that question!
Jan 26 at 3:55pmWeb
Show threadTorsten CurdtJan 26

@bagder

Sorry, I was too quick with my reply 🫣

Yeah, I can see receiving a fee being a pain, too. Especially the uneven barrier to entry feels unfair.