It's like Hacktober (where a few YouTube assholes showed a bunch of non-developers how to waste maintainer's time with bogus PRs in order to get free stuff from DigitalOcean) except substantially worse because these issues take longer to dismiss. Horrible.
Also, there are (or were) organizations that give their programmers incentives for finding and filing CVEs.
Naturally that's lead to lots of low-quality CVEs,
and with AI and other automated tools it's become easy for low-information programmers to generate reports on code they have zero understanding of.
