sanitation@lemmy.today to Technology@lemmy.worldEnglish · 23 hours agoAMD denies researcher a $10,000 bug bounty after fixing critical auto-updater vulnerability — security flaw took 124 days to patchwww.tomshardware.comexternal-linkmessage-square49fedilinkarrow-up1668arrow-down16
arrow-up1662arrow-down1external-linkAMD denies researcher a $10,000 bug bounty after fixing critical auto-updater vulnerability — security flaw took 124 days to patchwww.tomshardware.comsanitation@lemmy.today to Technology@lemmy.worldEnglish · 23 hours agomessage-square49fedilink
minus-squarearsCynic@piefed.sociallinkfedilinkEnglisharrow-up4·18 hours agoIf anyone could provide an AMD email to ask for a statement concerning this issue, that would be nice.
minus-squarekuhli@lemmy.dbzer0.comlinkfedilinkEnglisharrow-up8arrow-down1·16 hours agoI don’t think a statement is really needed here, this wasn’t a vulnerability, the code was never called. Even if the code were called, the $10,000 bounty is for a different type of bug entirely too
minus-squarebaines@lemmy.cafelinkfedilinkEnglisharrow-up3·edit-28 hours agoso stacking vulnerabilities is a thing if the code exists it can be called this is a valid bug and it’s silly to rule lawyer something like this so good job amd, you are ‘actually’ right, this totally won’t cost you in the long run at all god damn do lawyers and business majors need to stop making tech decisions
If anyone could provide an AMD email to ask for a statement concerning this issue, that would be nice.
I don’t think a statement is really needed here, this wasn’t a vulnerability, the code was never called. Even if the code were called, the $10,000 bounty is for a different type of bug entirely too
so stacking vulnerabilities is a thing
if the code exists it can be called
this is a valid bug and it’s silly to rule lawyer something like this
so good job amd, you are ‘actually’ right,
this totally won’t cost you in the long run at all
god damn do lawyers and business majors need to stop making tech decisions