Comment by tptacek
4 days ago
It's not hair-splitting; it's central to the idea of a bug bounty. Too many people have weird ideas about what bug bounties are for.
Yeah, like the weird idea that those programs are intended to in some way reduce the number of exploitable bugs actually out there.
That's in fact often not their core purpose!
What is it?
... which is why the rest of us should give them, and those who operate them, zero respect.
Nobody but AMD gives a fuck about AMD's internal policies or motivations.
Okay, fair. I was thinking mostly about the high-impact issue of preserving the security vulnerability and how an essential vendor was not being candid, but you are also right to note how AMD was avoiding its responsibilities to the individual researcher himself.
I mean I think you think you're doing bank-shot snark here, but what you're really revealing is that your premises hinge on AMD trying to get out of paying a bounty simply to avoid paying it. Since we know up front that's not one of AMD's incentives, what does that do to your argument? It can't help.