Month of bugs

A month of bugs is a strategy used by security researchers to draw attention to the lax security procedures of commercial software corporations.

Researchers have started such a project for software products where they believe corporations have shown themselves to be unresponsive and uncooperative to security alerts. For example, when a company does not fix the error after a Responsible disclosure, one may find and disclose one security vulnerability each day for one month.

Examples

The original "Month of Bugs" was the Month of Browser Bugs (MoBB) run by security researcher H. D. Moore. ^[1]

Subsequent similar projects include:

• The Month of Kernel Bugs (MoKB) which published kernel bugs for Mac OS X (now macOS), Linux, FreeBSD, Solaris and Windows, as well as four wireless driver bugs. ^{[2] [3] [4]}
• The Month of Apple Bugs (MoAB) conducted by researchers Kevin Finisterre and LMH which published bugs related to Mac OS X. ^{[5] [6] [7]}
• The Month of PHP Bugs sponsored by the Hardened PHP team which published 44 PHP bugs. ^{[8] [9] [10]}
• The Month of AI Bugs conducted by Johann Rehberger published bugs for agentic AI systems throughout the month of August 2025. ^{[11] [12]}

See also

• Fuzz testing
• Metasploit Project
• Vulnerability (computing)

References

1. Kerner, Sean Michael (5 July 2006). "The Month of The Browser Bugs Begins". InternetNews.com. QuinStreet Inc. Retrieved 22 October 2010.
2. Mogull, Rich (6 November 2006). "Learn from 'Month of Kernel Bugs'". Gartner archive. Gartner Inc. Archived from the original on 23 September 2012. Retrieved 22 October 2010.
3. Naraine, Ryan (1 November 2006). "Month of Kernel Bugs Launches with Apple Wi-Fi Exploit". eWeek . Ziff Davis Enterprise Holdings Inc. Retrieved 22 October 2010.
4. Evers, Joris (2 November 2006). "Apple wireless flaw revealed". ZDNet . CBS Interactive . Retrieved 22 October 2010.
5. McMillan, Robert (20 December 2006). "Apple Bug-Hunt Begins". PC World . PCWorld Communications, Inc. Retrieved 22 October 2010.
6. Leyden, John (20 December 2006). "Month of Apple bugs planned for January". The Register . The Register. Retrieved 22 October 2010.
7. Naraine, Ryan (19 December 2006). "Coming in January: Month of Apple Bugs". eWeek Security Watch. Ziff Davis Enterprise Holdings Inc. Retrieved 22 October 2010.
8. Prince, Brian (3 March 2007). "Month of PHP Bugs Begins". eWeek . Ziff Davis Enterprise Holdings Inc. Retrieved 22 October 2010.
9. Naraine, Ryan (1 March 2007). "Flaw trifecta kicks off Month of PHP bugs". ZDNet . CBS Interactive. Archived from the original on 12 August 2010. Retrieved 22 October 2007.
10. Naraine, Ryan (4 May 2007). "Controversial 'month of bugs' getting security results". ZDNet . CBS Interactive . Retrieved 22 October 2010.
11. Rehberger, Johann (1 August 2025). "Agentic ProbLLMs - The Month of AI Bugs 2025". Embrace The Red. wunderwuzzi23. Retrieved 7 September 2025.
12. Rehberger, Johann (30 August 2025). "Wrap Up: The Month of AI Bugs". Embrace The Red. wunderwuzzi23. Retrieved 7 September 2025.

Further reading

• McMillan, Robert (17 March 2007). "Hackers Promise Month of MySpace Bugs". PC World . Retrieved 22 October 2010.

External links

• Month of Kernel Bugs (MoKB) archive
• Kernel Fun: Month of the Kernel Bugs blog
• Month of Apple Bugs (MoAB) archive
• Apple Fun: Month of the Apple Buggs blog
• Info-pull.com blog: A complementary blog from the hosts of MoKB and MoAB
• The Month of PHP Security
• Agentic ProbLLMs - The Month of AI Bugs 2025
• Month of AI Bugs Blog Posts