Comment by tptacek
4 days ago
You're right. AMD could for some reason be unlike every other major tech company that runs a bug bounty. Maybe AMD stood up a public bounty where people get their pay docked when bounties get paid, rather than perfed up. They would potentially save, say, 0.000289% of their annual revenue, in exchange for stories like these. Checks out.
I'm not claiming to know how any major tech company runs their bug bounty program. I'm actually trying to claim that we can't know how AMD (or any of them) do, we can merely express our opinions on it. We can discuss all the public incentives they may have (and our interpretations on how those incentives should play out), but we don't see the internal bureaucratic incentives or the personal incentives or etc etc etc.
We also regularly see how the incentives we see as outsiders (and somewhat insiders) are regularly perverted. For the VW emissions scandal someone could have argued that the incentives were plain and clear, "Design better engines", but they instead went with "Design better ways to scam the tests". This is on top of the way companies will mask their true incentives, like how renewable energy programs are sometimes actually just the smart financial decision but it'll be portrayed as part of the green movement.
To include some explicit personal opinion, I can't throw a stone without hitting a news story about a company that thought they could get away with something but then eventually got called out by it... and they ultimately still got away with it.
This is not the VW emissions scandal.
I'm aware that AMD was not involved in the VW scandal, and that that's not what TFA is about. Was that not clear?
It was a pop culture example of incentives gone wrong to hopefully support why incentives aren't clear cut.