{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,8]],"date-time":"2026-03-08T01:39:20Z","timestamp":1772933960213,"version":"3.50.1"},"reference-count":39,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,12,8]],"date-time":"2025-12-08T00:00:00Z","timestamp":1765152000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,12,8]],"date-time":"2025-12-08T00:00:00Z","timestamp":1765152000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,12,8]]},"DOI":"10.1109\/bigdata66926.2025.11402236","type":"proceedings-article","created":{"date-parts":[[2026,3,6]],"date-time":"2026-03-06T20:57:57Z","timestamp":1772830677000},"page":"7923-7932","source":"Crossref","is-referenced-by-count":0,"title":["From Reviewers' Lens: Understanding Bug Bounty Report Invalid Reasons with LLMs"],"prefix":"10.1109","author":[{"given":"Jiangrui","family":"Zheng","sequence":"first","affiliation":[{"name":"Stevens Institute of Technology,Department of Computer Science,Hoboken,NJ,USA"}]},{"given":"Yingming","family":"Zhou","sequence":"additional","affiliation":[{"name":"Stevens Institute of Technology,Department of Computer Science,Hoboken,NJ,USA"}]},{"given":"Ali Abdullah","family":"Ahmad","sequence":"additional","affiliation":[{"name":"Stevens Institute of Technology,Department of Computer Science,Hoboken,NJ,USA"}]},{"given":"Hanqing","family":"Yao","sequence":"additional","affiliation":[{"name":"Stevens Institute of Technology,Department of Computer Science,Hoboken,NJ,USA"}]},{"given":"Xueqing","family":"Liu","sequence":"additional","affiliation":[{"name":"Stevens Institute of Technology,Department of Computer Science,Hoboken,NJ,USA"}]}],"member":"263","reference":[{"key":"ref1","first-page":"9","volume-title":"hach3ro. (2018, Dec.) Http put method enabled. RATELIMITED via HackerOne. Status: Spam; Weakness: Improper Access Control Generic; Severity: Critical","year":"2018"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1093\/cybsec\/tyx008"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102936"},{"key":"ref4","article-title":"Curl project founder snaps over deluge of time-sucking ai slop bug reports","volume-title":"Reg.","author":"Jones","year":"2025"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/3475716.3484193"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1007\/11766155_21"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-45741-3_9"},{"key":"ref8","first-page":"19","article-title":"Bug auctions: Vulnerability markets reconsidered","volume-title":"Proc. 3rd Workshop Econ. Inf. Secur.","author":"Ozment","year":"2004"},{"key":"ref9","volume-title":"H. Team. (2024, Mar.) What are bug bounties and how do they work?"},{"key":"ref10","volume-title":"Huntr bug bounty platform.","year":"2025"},{"key":"ref11","volume-title":"(2025, May) Curl fights a flood of ai-generated bug reports from hackerone. Discusses the flood of AI-generated bug reports affecting open-source and bounty programs.","author":"Bressers"},{"key":"ref12","article-title":"Open-source project curl is sick of users submitting \u201cai slop\u201d vulnerabilities","volume-title":"Ars Technica","author":"Claburn","year":"2025"},{"key":"ref13","volume-title":"Death by a thousand slops. Blog post by curl\u2019s founder describing the burden of AI-generated bug reports.","author":"Stenberg"},{"key":"ref14","volume-title":"Will ai-agent-fueled attacks force bug bounty programs to adapt? Analyzes AI-assisted bug hunting, new attack surfaces, and implications for bounty triage.","author":"Lawson","year":"2025"},{"key":"ref15","volume-title":"Beyond the noise: How hackerone cuts through the noise in the age of ai. HackerOne blog post on AI-assisted submissions and triage in the age of generative models.","author":"Prins"},{"key":"ref16","article-title":"Hackerone report finds 210% spike in ai vulnerability reports amid rise of ai autonomy","volume-title":"HackerOne."},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.70828\/pvsn3075"},{"key":"ref18","article-title":"Crowdsourced security vulnerability discovery: Modeling and organizing bug-bounty programs","volume-title":"Proc. HCOMP Workshop Math. Found. Hum. Comput.","author":"Zhao","year":"2016"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.69985\/ZLSK8628"},{"key":"ref20","volume-title":"Report states.","year":"2024"},{"key":"ref21","volume-title":"ruisilva. Hackerone report #226514."},{"key":"ref22","volume-title":"HackerOne. Palo alto software hackerone policy scopes. [Online]."},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/D19-1410"},{"key":"ref24","volume-title":"xdemiray. Hackerone report #2215434."},{"key":"ref25","volume-title":"paramdham. Hackerone report #688546."},{"key":"ref26","volume-title":"hackerboy404. Hackerone report #832593."},{"key":"ref27","article-title":"Equality of opportunity in supervised learning","volume":"29","author":"Hardt","year":"2016","journal-title":"Adv. Neural Inf. Process. Syst."},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1146\/annurev-statistics-042720-125902"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.5325\/jinfopoli.7.2017.0372"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1287\/isre.2021.0349"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/IBF50092.2020.9034828"},{"issue":"3","key":"ref32","first-page":"1","article-title":"A survey of bug bounty programs: Policies, effectiveness, and challenges","volume":"56","author":"Allodi","year":"2024","journal-title":"ACM Comput. Surv."},{"key":"ref33","first-page":"2275","article-title":"Bug {Hunters\u2019} perspectives on the challenges and benefits of the bug bounty ecosystem","volume-title":"Proc. 32nd USENIX Secur. Symp. (USENIX Secur.)","author":"Akgul","year":"2023"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.3390\/info16030209"},{"key":"ref35","first-page":"2105","article-title":"A {Mixed-Methods} study of {OpenSource} software maintainers on vulnerability management and platform security features","volume-title":"Proc. 34th USENIX Secur. Symp. (USENIX Secur.)","author":"Ayala","year":"2025"},{"key":"ref36","volume-title":"Investigating vulnerability disclosures in open-source software using bug bounty reports and security advisories","year":"2025"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/SP61157.2025.00063"},{"key":"ref38","first-page":"273","article-title":"An empirical study of vulnerability rewards programs","volume-title":"Proc. 22nd USENIX Secur. Symp. (USENIX Secur.)","author":"Finifter","year":"2013"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.2139\/ssrn.5168044"}],"event":{"name":"2025 IEEE International Conference on Big Data (BigData)","location":"Macau, China","start":{"date-parts":[[2025,12,8]]},"end":{"date-parts":[[2025,12,11]]}},"container-title":["2025 IEEE International Conference on Big Data (BigData)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11400704\/11400712\/11402236.pdf?arnumber=11402236","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,7]],"date-time":"2026-03-07T06:56:02Z","timestamp":1772866562000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11402236\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,8]]},"references-count":39,"URL":"https:\/\/doi.org\/10.1109\/bigdata66926.2025.11402236","relation":{},"subject":[],"published":{"date-parts":[[2025,12,8]]}}}