Death by a thousand slops
97 points by technetium
97 points by technetium
I disagree - a small fee feels like a reasonable solution (assuming setting up and maintaining the infra to accept the payment isn’t itself a huge burden) because almost zero drive-by AI slop people would be willing to fork over $5 for the small chance that their AI slop bug report might produce a big reward; the expected value of that $5 is less than $5.
Anecdotally, I paid Google $5 to become a Chrome Web Store developer just so I could put my free (and non-money-making) extension on there. And I imagine most people seeking to earn bug bounties would similarly find this fee worth the trouble.
Using an invitation-based system (like lobste.rs does) might also help. You can detect when a branch of your invite tree becomes rotten and prune it accordingly (or shadow ban).
Yeah, you can make this refunded at a much more generous rate than an actual payout. So if it is a quality report that the project doesn’t consider a security issue or whatever you don’t get a payout but you do get you $5 back (or a token that you can use to file another report). Done right this could be basically a one-time fee for good reporters but an ongoing cost for slop singers.
The solution to spam is almost always adding a cost to be lost. The simplest and direct cost is always money.
That’s a great idea. If you’re given a free lottery ticket, you should obviously take it. But if you have to pay $5 for it, you want to be at least a little confident that it will be a winner.
Asking for a deposit is another idea. You get it back if your POC actually works and the bug is in curl and not in a dependency.
A deposit that’s only refundable if the bug is marked valid is a theoretically nice solution. The problem is that handling money is terrible (mentioned in the article).
Also it’s not up to the curl project, it’s up to Hackerone, the site they use to host the reports. All Daniel Curl can do is ask nicely for them to add this feature.
Handling money is terrible, but so is maintaining your own reporting infrastructure in the first place. That’s what HackerOne is for.
I agree with the money idea (even though Daniel doesn’t) but there are some subtleties. It’s not clear to me if this:
You get it back if your POC actually works and the bug is in curl and not in a dependency.
Is the right criteria. What if you’re a good faith reporter, and you did not use AI, but you typo’d your POC? What if the bug is caused by an interaction with a dependency, does that count as “in a dependency”?
I think it’s workable, but the criteria should be specified by the host (in this case HackerOne) and it should be pretty broad. Basically, “if we think you’re reporting in good faith, you’ll get your money back. If we see you using AI, we’re keeping your money.” Maybe let individual projects change it, but the default should be that people get their money back, as opposed to the default being that they don’t.
(I’m also conveniently ignoring Daniel’s suspicion, though, that many of these AI reporters are doing so in good faith and think that they’re helping curl.)
it is not certain that removing the money from the table is going to completely stop the flood. We need to be prepared for that as well. Let’s burn that bridge if we get to it.
It might help a bit, but I think besides money another motivation is getting a list of CVEs that they can put on their resumee. The problem is that with AI people can make slop much faster than humans can filter them. I guess it’s similar to e-mail. Either you need a very good classifier to reject slop with high probability (with the risk of false positives), or you need to increase the cost of reporting.
I thought the exact same thing. People in countries where buzzword bingo is meaningful for their resumes (number of GitHub commits, CVEs filed, CVEs fixed etc etc) are not in it for the direct money. They’re in it to make those numbers go up. They couldn’t care less about the project or its health. I doubt dropping the money will do anything to combat slop.
I liked the idea from one of the comments on the blog post: require submitters with insufficient reputation to include a screencast that demonstrates the flaw.
Even if that won’t stop all attempts to submit slop, it should make it much faster to see whether a submission is slop.
I think that could make more work actually. I imagine most/many would generate a video with ai that then needs to be checked as well.
IME AI-generated videos are so obviously slop that there’s no need to watch more than a few seconds before it’s very clear. Whereas AI-generated text looks plausible for considerably longer.
I am semi-wildly guessing, too, that GenAI video would have more invisible artifacts than GenAI text which could then be detected by an ML model. I could easily be wrong though.
It makes me so sad to see the author genuinely engage in the report like this: https://hackerone.com/reports/2298307
only to be met back with even more slop. Its sick.
At first I thought “oh it cant be that bad can it”. Then I read some of these. Where do people get their confidence from? I would be so embarassed to post stuff I clearly don’t understand to a place where professionals are that do understand. Like, there is no scenario where this could work.
#9 gave me a good laugh https://hackerone.com/reports/2981245
But overall, yikes, I feel for the maintainers.
Looking through some of the examples of slop, it seems like they could filter out a good chunk by checking if the report properly uses code blocks.
I can understand the angle but the idea of dropping the monetary part of bug bounties alerts me.
I’ve seen too many blog posts where after some technical description of an interesting bug, you get the grand reveal of zero dollars paid out for reporting it, it’s always a bit of a letdown, bug bounties and payouts are linked (at least for me) mentally as compensation for reporting it ethically.
From my personal experience doing bug bounties, if your interest is compensation, bug bounties are simply not worth it unless you can find bugs quickly enough & that pay enough to make at least the minimum wage. If you have important bugs in curl and you want to make money… might as well sell them to companies like Zerodium that resell them to governments, even though that’s obviously ethically and morally dubious. curl runs everywhere, and good bugs will be compensated far more than the bug bounty would be able to offer.
I can see the point of compensation as a token though, especially for an open-source project, but then again there clearly are perverse incentives.
This is also my experience. These days I find vulns first and go and check to see if I can get a little bit of free money from the bounty after the fact. Ironically, bug bounties encourage the sort of squeezing pennies out of fluff vulns at the margins behavior that the curl project gets mad about which his always a race to the bottom. It’s perverse incentives all the way down.
If your goal is money, the other way to do it with bug bounties is to find some particular bug class that you have a good way of detecting, and then run at scale against hundreds or thousands of companies.
If you focus on bespoke bug bounty reports, the payoff will very likely not be enough to make it worthwhile. You either need scale, or something really high impact (like a no-interaction RCE in a browser or mobile OS) to get big money.
Well yeah of course shutting it down would be terrible, but what’s the alternative? Langlemangle is why we can’t have nice things.