A security researcher who discovered a critical vulnerability in AMD processors says the company has refused to pay a promised ten-thousand-dollar bug bounty—despite taking over four months to patch the flaw. The dispute highlights tensions in the responsible disclosure process: researchers invest time reporting flaws quietly to avoid exploitation, yet companies may withhold rewards after the fact. According to reports on Hacker News, this case raises questions about whether corporate bounty programs meaningfully incentivize the security community.

Listen to this story

Hear this and more stories in a personalized audio briefing.

Open The Chonkerton