Researchers who determine and report bugs in open-source software program will now not be rewarded by the Web Bug Bounty workforce. HackerOne, which administers this system, has stated that it’s “pausing submissions” whereas it contemplates methods through which open supply security could be dealt with extra successfully.
The Web Bug Bounty program, funded by a lot of main software program corporations, has been run since 2012 and has awarded greater than $1.5m to researchers who’ve reported bugs. To this point, 80% of its payouts have been for discoveries of latest flaws, and 20% to assist remediation efforts. However as synthetic intelligence makes it simpler to search out bugs, that stability wants to alter, HackerOne stated in a press release.
“AI-assisted analysis is increasing vulnerability discovery throughout the ecosystem, growing each protection and velocity. The stability between findings and remediation capability in open supply has substantively shifted,” stated HackerOne.
