
"Like many other software projects, we have been receiving an increasing number of generic AI security reports via platforms such as HackerOne for some time now. This makes it difficult to distinguish genuine, valuable reports from generic AI output."
"No financial rewards will be paid for submitted reports, regardless of the severity of the vulnerability. Reports submitted before April 22 will still be processed under the old policy."
"We would like to take this opportunity to thank the research community for your past support in helping to make Nextcloud more secure."
Nextcloud is discontinuing its bug bounty program on HackerOne because of a surge in generic, AI-generated vulnerability reports. This influx has complicated the identification of high-quality submissions. Financial rewards for all reports, including critical vulnerabilities, will cease. However, HackerOne will remain open for valid reports, and the security team continues to welcome submissions. The program, launched in 2017, aimed to engage external researchers in identifying vulnerabilities. The Nextcloud Security Team expressed gratitude to the research community for their past contributions.
Read at Techzine Global