AMD Stiffs Researcher $10,000 Bug Bounty After Critical Security Flaw, Takes 124 Days to Fix - Gadget Review

AMD's auto-updater downloaded software over insecure HTTP, letting attackers inject malware during updates before a 124-day delayed fix.

AMD refused $10,000 bounty to researcher Paul LaRosa despite fixing HTTP vulnerability in Windows auto-updaterFinding a critical security vulnerability should get you rewarded, not stiffed. AMD’s aut…