trunko
daniel:// stenberg://The button has been pressed.
Frank Gevaerts@bagder these buttons sound dangerous!
Gregory
Xeniac@FrankGevaerts @bagder ... Sure they could generate a request on GitHub, or even publish a press release. But why bother? They won't get a reward.
Cassandrich
𝔱.𝔥.@xeniac @FrankGevaerts @bagder a good chunk of the slop-conjurers think they are actually doing something helpful by submitting a genAI created ticket.
well, there are also some people who do not care for other people's time (like the whole expressjs spam situations https://github.com/expressjs/express/pulls?q=is%3Apr+is%3Aclosed+Update+Readme.md+review%3Arequired )
Graham Sutherland / Polynomial@bagder time for a long sigh of disappointment and relief.
@bagder I've had a few conversations about this saga with other folks in security, and the resounding feeling is that this is the beginning of the end for BBPs as a whole. one friend who works in a blueteam role said their employer's infosec team is pulling their managed BBP in the next few weeks for the same reason. several people remarked that being involved with BBP triage was severely emotionally draining due to constant belligerence from submitters.
AT
Chris Petrilli@bagder absolutely the right thing to do I don’t know what I’d be doing now if I was still involved in a massive bug bounty program.
Moving somewhere without Internet probably.
Andrew Wippler