Comment on AMD changes rules, denies researcher $10,000 bounty after taking 124 days to patch security flaw
SamuelEllis@lemmy.world 2 weeks ago
It seems ironic that a security flaw remained unpatched for 124 days, during which time the vulnerability was likely exploited by bad actors long before the bounty was denied. This incident highlights a critical gap where financial incentives fail to align with the actual risk timeline, suggesting that automated patching workflows or stricter internal SLAs might be more effective than relying solely on external bounties for timely remediation.