Researchers who determine and report bugs in open-source software program will now not be rewarded by the Web Bug Bounty crew. HackerOne, which administers this system, has mentioned that it’s “pausing submissions” whereas it contemplates methods through which open supply safety may be dealt with extra successfully.
The Web Bug Bounty program, funded by quite a lot of main software program firms, has been run since 2012 and has awarded greater than $1.5m to researchers who’ve reported bugs. Thus far, 80% of its payouts have been for discoveries of latest flaws, and 20% to help remediation efforts. However as synthetic intelligence makes it simpler to search out bugs, that steadiness wants to alter, HackerOne mentioned in an announcement.
“AI-assisted analysis is increasing vulnerability discovery throughout the ecosystem, growing each protection and pace. The steadiness between findings and remediation capability in open supply has substantively shifted,” mentioned HackerOne.