Comment by odyssey7
4 days ago
What hair is this splitting? The issue was that AMD allowed a known and serious security vulnerability to exist within their customers’ systems, for months, and acted with a lack of candor while doing so.
It's not hair-splitting; it's central to the idea of a bug bounty. Too many people have weird ideas about what bug bounties are for.
Yeah, like the weird idea that those programs are intended to in some way reduce the number of exploitable bugs actually out there.
That's in fact often not their core purpose!
Okay, fair. I was thinking mostly about the high-impact issue of preserving the security vulnerability and how an essential vendor was not being candid, but you are also right to note how AMD was avoiding its responsibilities to the individual researcher himself.
I mean I think you think you're doing bank-shot snark here, but what you're really revealing is that your premises hinge on AMD trying to get out of paying a bounty simply to avoid paying it. Since we know up front that's not one of AMD's incentives, what does that do to your argument? It can't help.