$10k is nothing to AMD. The middle-management bean counters making these decisions are actively harming their company’s (and user’s security.
AMD changes rules, denies researcher $10,000 bounty after taking 124 days to patch security flaw
Submitted 2 hours ago by floofloof@lemmy.ca to cybersecurity@infosec.pub
https://www.techspot.com/news/112746-amd-changes-rules-denies-researcher-10000-bounty-after.html
Australis13@fedia.io 2 hours ago
This is how you create people like Nightmare Eclipse.
These people are going out of their way to responsibly disclose vulnerabilites to the bug bounty programs and being treated poorly as a result. Granted, AMD technically didn't have to pay since it was a MITM attack, but they could have at least handled the whole interaction better.