May 17, 2026

Bounty Program Hiatus

Since the update one month ago, the rate of incoming bug reports has continued to increase. Report verbosity is increasing and quality is decreasing. Processing these reports is becoming a severe drain on resources that is not sustainable in the long term.

“We call this ‘sloptimism,’ overly optimistic submissions driving large volumes of speculative or AI-generated reports submitted with minimal to no pre-submission validation and limited context.”

— Trey Ford, Bugcrowd

The emergence of the sloptimism problem can clearly be seen by charting the number of reports submitted to the Decred bug bounty program since its inception.

[Chart: number of reports submitted to the Decred bug bounty program since its inception]

Sloptimism is here to stay and is only liable to become more prevalent with the increasing usage and availability of AI-powered code analysis tools. It is clear that bug bounty programs will not be able to survive without adequate protection measures in place. As such, the Decred Bug Bounty program is going on hiatus, effective immediately. The downtime will be used to investigate and implement spam protection measures, and the program will not resume until a solution is in place.

Decred Developers