AMD Denies Security Researcher $10,000 Bug Bounty
AMD has denied a security researcher a $10,000 bug bounty for discovering a critical auto-updater vulnerability, citing policy excluding man-in-the-middle attacks. The researcher cooperated with AMD, and the vulnerability was patched after 124 days. The decision has sparked criticism, with some arguing it undermines the bug bounty program's purpose.
Key points
- AMD denied a $10,000 bug bounty to a security researcher who discovered a critical auto-updater vulnerability.
- The vulnerability, which could have led to remote code execution, was patched after 124 days.
- AMD cited policy excluding man-in-the-middle attacks as the reason for denying the bounty.
- The researcher cooperated with AMD and removed a blog post at the company's request, only to have it reinstated.
- The decision has sparked criticism, with some arguing it undermines the bug bounty program's purpose.
AMD has faced criticism after denying a security researcher a $10,000 bug bounty for discovering a critical auto-updater vulnerability. The researcher, who was not named, cooperated with AMD and removed a blog post at the company's request. However, the post was later reinstated, and the researcher's efforts to receive the bounty were unsuccessful.
The vulnerability, which could have led to remote code execution, was patched after 124 days. AMD cited policy excluding man-in-the-middle attacks as the reason for denying the bounty. This decision has sparked criticism, with some arguing it undermines the bug bounty program's purpose.
Bug bounty programs are designed to encourage researchers to identify vulnerabilities in software and receive a reward for their efforts. By denying the bounty, AMD may be discouraging other researchers from participating in the program.
The incident highlights the importance of clear policies and communication in bug bounty programs. It also raises questions about the effectiveness of these programs in promoting software security.
Sources
The WireByte editorial team synthesises technology news from multiple primary sources, verifies the facts, and links every source. Articles are produced with AI assistance and reviewed under our editorial policy.