At what point does it become more sensible to black hat these zero days? If the company you are helping out isn't willing to give you more than the finger for your help it seems like you're the fool in that arrangement.
Nobody is buying this vulnerability. If you're unhappy with how a bug bounty program is structured, you should absolutely just post the vulnerability. That's a longstanding norm.
After this disastrous AMD PR, many who find a new vuln will be asking exactly that question. As a result of that, many who are buying CPUs will know how seriously AMD takes security and prompt, correct vuln fixing.
Once again, the AMD motto applies: they never miss an opportunity to miss an opportunity.
Pretty much never unless you live in a jurisdiction that won't punish you or send you to the appropriate people to be punished. If you're Russian and want to never step foot out of Russia and only attack American systems, you can do it.
At what point does it become more sensible to black hat these zero days? If the company you are helping out isn't willing to give you more than the finger for your help it seems like you're the fool in that arrangement.
Feeling grumpy today, I guess.
Nobody is buying this vulnerability. If you're unhappy with how a bug bounty program is structured, you should absolutely just post the vulnerability. That's a longstanding norm.
After this disastrous AMD PR, many who find a new vuln will be asking exactly that question. As a result of that, many who are buying CPUs will know how seriously AMD takes security and prompt, correct vuln fixing.
Once again, the AMD motto applies: they never miss an opportunity to miss an opportunity.
Pretty much never unless you live in a jurisdiction that won't punish you or send you to the appropriate people to be punished. If you're Russian and want to never step foot out of Russia and only attack American systems, you can do it.
[dupe] https://news.ycombinator.com/item?id=48492215
Post from researcher: https://mrbruh.com/amd2/