PulseAugur

AMD denies bug bounty for critical auto-updater flaw after 124-day fix

AMD has denied a security researcher a $10,000 bug bounty for discovering a critical vulnerability in its auto-updater software. The researcher, Paul, reported the flaw in February; it could have allowed remote code execution via a man-in-the-middle attack. AMD asked him to temporarily take down his blog post detailing the issue; the company took 124 days to implement a fix and did not offer any bounty payment, citing program policy limitations.

IMPACT This incident highlights potential issues in how tech companies handle bug reporting and bounty programs, which could affect researcher trust and software security practices.

RANK_REASON This is a story about a company's internal policy and a dispute over a bug bounty, not a new product release or significant industry-wide event.


AI-generated summary · Google Gemini · from 2 sources.

COVERAGE [2]

  1. Tom's Hardware TIER_1 English(EN) · Bruno Ferreira ·

    AMD denies researcher a $10,000 bug bounty after fixing critical auto-updater vulnerability — security flaw took 124 days to patch

    AMD took over four months to fix a critical security bug in its autoupdater, and the security researcher didn't see a dime for his efforts

  2. Mastodon — fosstodon.org TIER_1 English(EN) · [email protected] ·

    AMD denies researcher a $10,000 bug bounty after fixing critical auto-updater vulnerability — security flaw took 124 days to patch AMD took over four months to fix a critical security bug in its autoupdater, and the security researcher didn't see a dime for his efforts https://ww…