arm them with common security vulnerabilities, and let them loose on code bases, opening issues and submiting patches
I agree this is a good idea. However, a lot of security gaps are introduced from unusual implementations, unusual requirements, unusual tech-baggage. Finding gaps in your average Java/Spring & Angular program are only scratching the surface
LLMs are finding use among developers who don't natively speak English
skill issue
Whether it's for the bug bounties, or for the social clout of getting accepted contributions to open source, the incentives to continue trying this spam will continue, and I don't see a great mitigation strategy for the code maintainers. Thus, I like to think of it as "spam" as in unwanted email.
That's a good point. Maybe needs some kind of proof that an automated issue submitter is actually competent and/or actually did put effort in
10 sats \ 1 reply \ @geeknik 10 May
Psh. I never put any effort into bug bounties, my entire pipeline is automated from asset discovery to report submission. It's the best source of passive income I've found that never fails to deliver. Automation makes work feel like a paid vacation.
reply
This sounds intriguing. Are there places where you talk more about your pipeline?
reply