Researchers who establish and report bugs in open-source software program will not be rewarded by the Internet Bug Bounty workforce. HackerOne, which administers this system, has stated that it’s “pausing submissions” whereas it contemplates methods by which open supply safety may be dealt with extra successfully.
The Internet Bug Bounty program, funded by various main software program corporations, has been run since 2012 and has awarded greater than $1.5m to researchers who’ve reported bugs. Up to now, 80% of its payouts have been for discoveries of recent flaws, and 20% to assist remediation efforts. But as synthetic intelligence makes it simpler to search out bugs, that steadiness wants to vary, HackerOne stated in an announcement.
“AI-assisted research is expanding vulnerability discovery across the ecosystem, increasing both coverage and speed. The balance between findings and remediation capacity in open source has substantively shifted,” stated HackerOne.
