AMD Stiffs Researcher $10,000 Bug Bounty After Critical Security Flaw, Takes 124 Days to Fix
AMD refused $10,000 bounty to researcher Paul LaRosa despite fixing HTTP vulnerability in Windows auto-updaterFinding a critical security vulnerability should get you rewarded, not stiffed. AMD’s auto-updater was downloading software over insecure HTTP connections, letting network attackers slip malicious code onto your system during routine updates. The researcher who found this remote code execution flaw expected a $10,000 bounty. Instead, AMD fixed the problem after four months and paid nothi...
Read more at gadgetreview.com