Internet Bug Bounty program hits pause on payouts

Summary

The Internet Bug Bounty program, administered by HackerOne, is pausing payouts to researchers who find bugs in open-source software. The decision is driven by the rise of AI-assisted vulnerability discovery, which has shifted the balance between the volume of bug findings and the capacity of maintainers to remediate them.

IFF Assessment

FOE

The pause in payouts, and the shift in program focus prompted by AI-assisted research, reduces the incentive for researchers to find and report vulnerabilities in open-source software, potentially leaving dependent systems more exposed.

Defender Context

Defenders should be aware that traditional bug bounty programs are adapting to the impact of AI on vulnerability discovery. With fewer bugs being proactively reported under the program, organizations may need to invest more in their own vulnerability management and in hardening the open-source dependencies they rely on.