Comment by tgsovlerkhgsel

This is a pretty common behavior that I've seen from bug bounty programs:

> a blog post discussing this issue has already been published, which does not appear to be in accordance with the program’s terms.

Companies reject bugs as out of scope and/or sit on them forever, then use the bug bounty ToS as intimidation to keep people from disclosing them. And sadly, it works.

I'm adding AMD to my list of companies that prefer their bug reports to be a public full disclosure rather than attempting to go through their bug bounty program.