This is how you create people like Nightmare Eclipse.
These people are going out of their way to responsibly disclose vulnerabilites to the bug bounty programs and being treated poorly as a result. Granted, AMD technically didn’t have to pay since it was a MITM attack, but they could have at least handled the whole interaction better.
This is how you create people like Nightmare Eclipse.
These people are going out of their way to responsibly disclose vulnerabilites to the bug bounty programs and being treated poorly as a result. Granted, AMD technically didn’t have to pay since it was a MITM attack, but they could have at least handled the whole interaction better.
And simply paid they guy out of appreciation.
I generally support the model we’ve had for bBug disclosure - it’s about preventing zero days - which protects the users of these products.
But for AMD stuff now, go ahead and sell your discoveries, let the zero-days ruin AMDs marketing.