AMD denies researcher a $10,000 bug bounty after fixing critical auto-updater vulnerability — security flaw took 124 days to patch
AMD has denied a security researcher a $10,000 bug bounty for discovering a critical vulnerability in its auto-updater software. The researcher, Paul, reported the flaw in February, which could have allowed for remote code execution via a man-in-the-middle attack. Despite AMD's request to temporarily take down his blog post detailing the issue, the company took 124 days to implement a fix and did not offer any bounty payment, citing program policy limitations. AI
IMPACT This incident highlights potential issues in how tech companies handle bug reporting and bounty programs, which could affect researcher trust and software security practices.