[robrtsql]

It's like Hacktober (where a few YouTube assholes showed a bunch of non-developers how to waste maintainer's time with bogus PRs in order to get free stuff from DigitalOcean) except substantially worse because these issues take longer to dismiss. Horrible.

[cratermoon]

Also, there are (or were) organizations that give their programmers incentives for finding and filing CVEs. Naturally that's lead to lots of low-quality CVEs, and with AI and other automated tools it's become easy for low-information programmers to generate reports on code they have zero understanding of.