A month of bugs is a strategy used by security researchers to draw attention to the lax security procedures of commercial software corporations.
Researchers have started such a project for software products where they believe corporations have shown themselves to be unresponsive and uncooperative to security alerts. For example, when a company does not fix the error after a Responsible disclosure, one may find and disclose one security vulnerability each day for one month.
Examples
[edit]The original "Month of Bugs" was the Month of Browser Bugs (MoBB) run by security researcher H. D. Moore.[1]
Subsequent similar projects include:
- The Month of Kernel Bugs (MoKB) which published kernel bugs for Mac OS X (now macOS), Linux, FreeBSD, Solaris and Windows, as well as four wireless driver bugs.[2][3][4]
- The Month of Apple Bugs (MoAB) conducted by researchers Kevin Finisterre and LMH which published bugs related to Mac OS X.[5][6][7]
- The Month of PHP Bugs sponsored by the Hardened PHP team which published 44 PHP bugs.[8][9][10]
- The Month of AI Bugs conducted by Johann Rehberger published bugs for agentic AI systems throughout the month of August 2025. [11][12]
See also
[edit]References
[edit]- ^ Kerner, Sean Michael (5 July 2006). "The Month of The Browser Bugs Begins". InternetNews.com. QuinStreet Inc. Retrieved 22 October 2010.
- ^ Mogull, Rich (6 November 2006). "Learn from 'Month of Kernel Bugs'". Gartner archive. Gartner Inc. Archived from the original on 23 September 2012. Retrieved 22 October 2010.
- ^ Naraine, Ryan (1 November 2006). "Month of Kernel Bugs Launches with Apple Wi-Fi Exploit". eWeek. Ziff Davis Enterprise Holdings Inc. Retrieved 22 October 2010.
- ^ Evers, Joris (2 November 2006). "Apple wireless flaw revealed". ZDNet. CBS Interactive. Retrieved 22 October 2010.
- ^ McMillan, Robert (20 December 2006). "Apple Bug-Hunt Begins". PC World. PCWorld Communications, Inc. Retrieved 22 October 2010.
- ^ Leyden, John (20 December 2006). "Month of Apple bugs planned for January". The Register. The Register. Retrieved 22 October 2010.
- ^ Naraine, Ryan (19 December 2006). "Coming in January: Month of Apple Bugs". eWeek Security Watch. Ziff Davis Enterprise Holdings Inc. Retrieved 22 October 2010.
- ^ Prince, Brian (3 March 2007). "Month of PHP Bugs Begins". eWeek. Ziff Davis Enterprise Holdings Inc. Retrieved 22 October 2010.
- ^ Naraine, Ryan (1 March 2007). "Flaw trifecta kicks off Month of PHP bugs". ZDNet. CBS Interactive. Archived from the original on 12 August 2010. Retrieved 22 October 2007.
- ^ Naraine, Ryan (4 May 2007). "Controversial 'month of bugs' getting security results". ZDNet. CBS Interactive. Retrieved 22 October 2010.
- ^ Rehberger, Johann (1 August 2025). "Agentic ProbLLMs - The Month of AI Bugs 2025". Embrace The Red. wunderwuzzi23. Retrieved 7 September 2025.
- ^ Rehberger, Johann (30 August 2025). "Wrap Up: The Month of AI Bugs". Embrace The Red. wunderwuzzi23. Retrieved 7 September 2025.
Further reading
[edit]- McMillan, Robert (17 March 2007). "Hackers Promise Month of MySpace Bugs". PC World. Retrieved 22 October 2010.
External links
[edit]- Month of Kernel Bugs (MoKB) archive
- Kernel Fun: Month of the Kernel Bugs blog
- Month of Apple Bugs (MoAB) archive
- Apple Fun: Month of the Apple Buggs blog
- Info-pull.com blog: A complementary blog from the hosts of MoKB and MoAB
- The Month of PHP Security
- Agentic ProbLLMs - The Month of AI Bugs 2025
- Month of AI Bugs Blog Posts