»Wegen KI-Schrott – Curl-Entwickler erwägt Ende der Bug-Bounty-Prämien:
Minderwertige Bug-Reports belasten Open-Source-Entwickler immer stärker. Curl-Maintainer @bagder zieht nun radikale Maßnahmen in Erwägung.«
Lasst mich raten, IT-Konzerne belasten Developer von Werkzeugen, die sie Täglich selber nutzen. Was ist daran intelligent oder gar künstlerisch?
/s
#curl #opensource #web #internet #ai #ki #belastung #entwickler #kischrott #bugbounty
Death by a thousand slops
https://daniel.haxx.se/blog/2025/07/14/death-by-a-thousand-slops/
I trust you all take the opportunity to enjoy the fun curl's --libcurl option brings after that security report debacle.
1. run any #curl command line
2. add "--libcurl template.c" to the command line and run it again
3. there, a fine source code embryo to start your libcurl using app from
Sponsor my laptop!
https://daniel.haxx.se/blog/2025/07/12/sponsor-my-laptop/
For #curl of course. What else would I ever do?
Cybersecurity Risk Assessment Request
https://daniel.haxx.se/blog/2025/07/11/cybersecurity-risk-assessment-request/
Time to deprecate TLS 1.0 and 1.1 in #curl ?
I'm doing a keynote next month at an Open Source conference about AI (abuse) in #curl's security program etc. I could use your help:
1. Give me a clever title
2. What details would you like such a talk to contain?
C mistakes among the vulnerabilities present in #curl code
(C mistakes are vulnerabilities that were caused by a mistake that "probably would not have been possible" had we not been using C for curl. Manually assessed for each case.)
So far in 2025, we have received 52 vulnerability reports submitted to #curl. Two per week on average.
5 have been confirmed security problems (and have been published)
11 were tagged AI slop; all banned and reported to HackerOne
15 were considered "normal bugs"
21 were deemed "not applicable" (various reasons)
A space for Bonfire maintainers and contributors to communicate
