Researchers who determine and report bugs in open-source software program will not be rewarded by the Web Bug Bounty workforce. HackerOne, which administers this system, has stated that it’s “pausing submissions” whereas it contemplates methods wherein open supply safety will be dealt with extra successfully.
The Web Bug Bounty program, funded by a variety of main software program firms, has been run since 2012 and has awarded greater than $1.5m to researchers who’ve reported bugs. So far, 80% of its payouts have been for discoveries of recent flaws, and 20% to assist remediation efforts. However as synthetic intelligence makes it simpler to seek out bugs, that stability wants to vary, HackerOne stated in a press release.
“AI-assisted analysis is increasing vulnerability discovery throughout the ecosystem, rising each protection and pace. The stability between findings and remediation capability in open supply has substantively shifted,” stated HackerOne.
