Turso Ends Bug Bounty Program Due to AI-Generated Submissions
Severity: Low (Score: 24.9)
Sources: Neowin, News.Ycombinator
Summary
Turso has officially retired its bug bounty program, which offered $1,000 for bugs leading to data corruption. The decision comes after a surge of AI-generated submissions, referred to as 'AI slop', that cluttered the review process. Many submissions claimed to identify critical bugs but lacked substance, often confusing developers. This led to wasted development time as the team struggled to differentiate between legitimate reports and automated noise. Turso's team had initially launched the program to enhance testing and encourage community contributions. However, the influx of nonsensical pull requests prompted them to close the program to maintain project integrity. Despite this, Turso will continue to accept contributions without financial incentives. The situation reflects broader challenges faced by open-source projects in the era of generative AI.
Key Points
- Turso retired its bug bounty program due to overwhelming AI-generated submissions.
- The program offered $1,000 for legitimate bug reports, but was abused by automated tools.
- Turso will still accept contributions but without monetary incentives to reduce noise.
Key Entities
- SQL Injection (attack_type)
- CWE-787 - Out-of-bounds Write (cwe)
- CWE-89 - SQL Injection (cwe)