AMD changes rules, denies researcher $10,000 bounty after taking 124 days to patch security flaw (www.techspot.com)

submitted 1 day ago by floofloof@lemmy.ca to c/cybersecurity@infosec.pub

5 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] Australis13@fedia.io 29 points 23 hours ago

This is how you create people like Nightmare Eclipse.

These people are going out of their way to responsibly disclose vulnerabilites to the bug bounty programs and being treated poorly as a result. Granted, AMD technically didn't have to pay since it was a MITM attack, but they could have at least handled the whole interaction better.

[-] Onomatopoeia@lemmy.cafe 8 points 19 hours ago* (last edited 19 hours ago)

And simply paid they guy out of appreciation.

I generally support the model we've had for bBug disclosure - it's about preventing zero days - which protects the users of these products.

But for AMD stuff now, go ahead and sell your discoveries, let the zero-days ruin AMDs marketing.

this post was submitted on 13 Jun 2026

43 points (100.0% liked)

cybersecurity

6217 readers

100 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 3 years ago

MODERATORS

shellsharks@infosec.pub

tweedge@infosec.pub