AMD denies researcher $10,000 bug bounty for RCE flaw

Researcher Paul found a remote code execution vulnerability via man-in-the-middle attack in AMD's auto-updater. AMD denied the $10,000 bounty, claiming MITM attacks are not covered. AMD imposed a 124-day embargo and later changed disclosure rules after public criticism, drawing backlash from the security community.