Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Closing the ZCG Vulnerability Bounty Program - 2034

Zcash Community Grants - Posted 13 Days Ago
  • Zcash has faced a difficult prospect on the economics of vulnerability research. Tasks that once required days or weeks can now be attempted in hours. This is great for finding bugs but comes at a cost. The program has created a stream of speculative, duplicated, and AI-hallucinated bugs. They even included an image of slot machines.
  • curl's maintainer Daniel Stenberg had documented the issues around this. AI can find bugs, but it still produces a lot of low-effort submissions. Triaging them requires scarce engineering resources, which takes away from remediation, audits, releases and other user-protecting work. Because of this, ZCG has decided to close the bug bounty program.
  • They still have a way to disclose vulnerabilities, but they won't be compensating for it. Given the current situation, this seems like a sane place to be. The cost of bugs is getting cheaper by the day. They have also had changes audited by Least Authority and by Zellic's V12 LLM-based platform. It's interesting to see how these projects are handling bug bounties in the face of LLMs.