
"The Google Open Source Software Vulnerability Reward Program team is increasingly concerned about the low quality of some AI-generated bug submissions, with many including hallucinations about how a vulnerability can be triggered or reporting bugs with little security impact."
"To ensure our triage teams can focus on the most critical threats, we will now require higher-quality proof (like OSS-Fuzz reproduction or a merged patch) for certain tiers to filter out low-quality reports and allow us to focus on real-world impact."
Google has decided to stop accepting AI-generated submissions to its Open Source Software Vulnerability Reward Program due to concerns about the quality of these reports. Many submissions contained inaccuracies or reported vulnerabilities with little security impact. To improve report quality, Google will now require higher-quality proof, such as an OSS-Fuzz reproduction or a merged patch, for certain tiers. This change is intended to let triage teams focus on critical threats and real-world impact.
Read at InfoWorld