        _______               __                   _______
       |   |   |.---.-..----.|  |--..-----..----. |    |  |.-----..--.--.--..-----.
       |       ||  _  ||  __||    < |  -__||   _| |       ||  -__||  |  |  ||__ --|
       |___|___||___._||____||__|__||_____||__|   |__|____||_____||________||_____|
                                                             on Gopher (inofficial)
       
       
       COMMENT PAGE FOR:
       AMD Stiffs Researcher $10k Bug Bounty
       
       
        wilburTheDog wrote 2 hours 44 min ago:
        At what point does it become more sensible to black hat these zero
        days? If the company you are helping out isn't willing to give you more
        than the finger for your help it seems like you're the fool in that
        arrangement.
        
        Feeling grumpy today, I guess.
       
          imglorp wrote 2 hours 12 min ago:
          After this disastrous AMD PR, many who find a new vuln will be asking
          exactly that question. As a result of that, many who are buying CPUs
          will know how seriously AMD takes security and prompt, correct vuln
          fixing.
          
          Once again, the AMD motto applies: they never miss an opportunity to
          miss an opportunity.
       
          tptacek wrote 2 hours 27 min ago:
          Nobody is buying this vulnerability. If you're unhappy with how a bug
          bounty program is structured, you should absolutely just post the
          vulnerability. That's a longstanding norm.
       
            strken wrote 1 hour 9 min ago:
            What makes a vulnerability saleable? Is this one not valuable
            because the government clients of someone like Memento Labs don't
            care about a MITM attack on desktop computers?
       
              akerl_ wrote 42 min ago:
              Generally the vulnerabilities you can sell for money are ones
              that somebody can easily use to make money, as part of an
              existing money-making scheme they have.
              
              If the vuln can’t be used to make money, or the way it makes
              money requires that a criminal enterprise make up a whole new set
              of workflows, it’s not going to have much of a market.
       
              jnwatson wrote 48 min ago:
              Correct.
       
          IncreasePosts wrote 2 hours 39 min ago:
          Pretty much never unless you live in a jurisdiction that won't punish
          you or send you to the appropriate people to be punished. If you're
          Russian and want to never step foot out of Russia and only attack
          American systems, you can do it.
       
        ChrisArchitect wrote 4 hours 8 min ago:
        [dupe]
        
        [1]: https://news.ycombinator.com/item?id=48492215
       
        zingababba wrote 4 hours 53 min ago:
        Post from researcher:
        
        [1]: https://mrbruh.com/amd2/
       
       