GitHub user DanielRuf added a comment to the discussion: Addressing AI-slop in security reports
I am not sure how exactly your Bounty Program works in detail. But when I was active on some big bug bounty platforms, there was some reputation score. Users with a bad reputation cannot report new findings in specific projects. As a security researcher, I would not even report a finding if I would have to pay some deposit, even if my finding would be genuine. Not sure if getting money from possibly sanctioned countries, barrier to entry, collecting personal payment information beforehand and the extra effort to handle this correctly in terms of finances are problems others keep in mind. What does YesWeHack offer for such situations, like reputation-based thresholds? 1/20 or 5% genuine reports and 95% slop is a big ratio.

GitHub link: https://github.com/apache/logging-log4j2/discussions/4052#discussioncomment-15947946
