A security researcher, identified as Paul, has detailed his experience with AMD after discovering a critical vulnerability in the company's auto-updater software. Despite cooperating with AMD to fix the flaw, which involved a potential remote code execution via a man-in-the-middle attack, AMD denied him a $10,000 bug bounty, citing policy exclusions for MITM attacks. The fix took 124 days to implement, and the researcher reportedly received no compensation for his efforts, even after agreeing to an extended embargo period at AMD's request.
AI IMPACT: Highlights potential issues in how hardware manufacturers handle security disclosures and bug bounties, which could impact trust in their software supply chains.
RANK_REASON This is a story about a company's internal process for handling a security vulnerability and bug bounty claims, not a new product release or core AI research.
AI-generated summary · Google Gemini · from 1 sources.