
HackerOne’s Internet Bug Bounty (IBB) program has been paused while adjustments are evaluated to maximize value for researchers, sponsors, and the open-source ecosystem. A researcher who reported an open-source security flaw months earlier was finally paid, but at a rate far below the previous reward scale. A medium-severity vulnerability that previously paid $1,843 now pays $297. Critical vulnerability rewards dropped from $9,250 to $2,257, and high-severity rewards fell from $4,429 to $1,009. Low-severity rewards decreased from $597 to $68. HackerOne stated that the program’s bounty levels automatically adjust based on the contributions of active participating sponsors and that payouts are regularly adjusted accordingly. The spokesperson did not directly address whether AI-generated reports influenced the pause and the reward reductions.
"At least one bug hunter who found an open source security flaw and reported it months ago via HackerOne's backlogged Internet Bug Bounty (IBB) program finally got paid for his work - but at a drastically reduced reward rate. The security researcher found a medium-severity vulnerability that previously paid $1,843. As of Monday, HackerOne's IBB pays $297 for the same severity level."
"Similarly, the new IBB cash prize for a critical vulnerability is $2,257, compared to the previous $9,250 reward. High-severity bugs now fetch $1,009, while they used to earn a $4,429 payout. And low-severity bugs earn researchers $68, compared to the previous $597 reward. HackerOne's IBB remains on a break, and is not accepting new submissions."
"'The IBB program is currently paused while we evaluate adjustments to the program that will maximize value to researchers, sponsors, and the open-source ecosystem,' a spokesperson told us. 'We remain committed to strengthening open source security through ethical security research.' When asked if AI-generated reports played a role in the pause and reduced reward amounts, a spokesperson didn't give us a direct answer."
"'The Internet Bug Bounty is a unique, dynamic program where bounty levels automatically adjust based on the contributions from active participating sponsors,' the HackerOne spokesperson said. 'Payouts under this program are regularly adjusted accordingly, as provided in the IBB program description.'"
Read at theregister