Comment on AMD changes rules, denies researcher $10,000 bounty after taking 124 days to patch security flaw
pulsewidth@lemmy.world 1 week ago
$10k is nothing to AMD. The middle-management bean counters making these decisions are actively harming their company’s (and user’s security.
bamboo@lemmy.blahaj.zone 1 week ago
The flaw of not using HTTPS for the downloads is so basic it’s shocking they didn’t have internal tooling to raise this before it was shipped. I’m not familiar with AMD’s bug bounty policy but they should have at least paid $1337 to the researcher for raising this to them.