cURL Project Suspends Bug Bounty Program

cURL project maintainer Daniel Stenberg says the project will suspend its bug bounty program starting February 1, 2026, citing a surge of LLM-generated bogus vulnerability reports. He published examples in a GitHub gist showing intimidating but false reports that consume developers' time. The suspension underscores challenges for open-source projects facing automated report "slop" and pressures on triage resources.