easternherald.com

AMD Rewrote Its Own Bug Bounty Rules to Silence a Researcher, Then Refused to Pay (opens in new tab)

Covers AMD changes rules, denies researcher $10,000 bounty after taking 124 days to patch security flaw

A 22-year-old security researcher discovered AMD's auto-updater silently fetching executables over plain HTTP — a flaw that could allow any attacker on the same network to inject malware with elevated privileges. AMD's response was to close the report, request silence for 124 days, rewrite its own rules retroactively, and withhold the $10,000 bounty.

Read the original article
Sign in to keep reading the full article.
Sign UpLog In

Keyboard Shortcuts

Navigation

Next / previous post
j/k
Open post
oorEnter
Preview post
v

Post Actions

Love post
a
Like post
l
Dislike post
d
Undo reaction
u
Save / unsave
s

Recommendations

Add interest / feed
Enter
Not interested
x

Go to

Home
gh
Interests
gi
Feeds
gf
Likes
gl
History
gy
Changelog
gc
Settings
gs
Discover
gb
Search
/

General

Show this help
?
Submit feedback
!
Close modal / unfocus
Esc

Press ? anytime to show this help