Search
Recently, a security researcher came forward to reveal a disagreement with AMD concerning a vulnerability bounty. The researcher stated that, back in February of this year, they reported a remote code execution vulnerability found in AMD's auto-updater software to the company. However, AMD declined to pay the promised $10,000 bounty, asserting that the vulnerability bounty program did not encompass man-in-the-middle attacks. Nevertheless, AMD did eventually address the vulnerability, albeit after a lengthy 124-day period, which is significantly longer than the typical timeframe. Moreover, the researcher has still not received any payment. This incident has raised widespread concerns within the industry regarding AMD's vulnerability management process and bounty program.
-
C114 Communication Network -
Communication Home
