• teyrnon@sh.itjust.works · 91 upvotes, 1 downvote · 15 hours ago

    Well the next time someone finds a bug in their software they will have to find other ways to monetize it.

  • ITGuyLevi@programming.dev · 50 upvotes, 2 downvotes · 15 hours ago

    A long time ago I felt like bug bounty programs would be an amazing way forward… Now I’m firmly in the camp of fuck it, sell it to the highest bidder.

  • tortina_original@lemmy.world · 39 upvotes · 15 hours ago

    This is going to work out really well for AMD. Any future vulnerabilities will most certainly be reported to them, responsibly. Right?

  • zurohki@aussie.zone · 88 upvotes · 17 hours ago

    My favourite part was when they rejected the flaw saying it’s out of scope for their bounty program but still wanted him to keep it secret because of the rules of the bounty program. The same bounty program that didn’t cover it.

  • xthexder@l.sw0.com · 125 upvotes · 18 hours ago

    Didn’t Microsoft just pull this same thing and now there’s all these 0-days getting released publicly as vengeance? I swear, all these companies are sharing the same brain cell…

      • Zombie@feddit.uk · 29 upvotes, 1 downvote · 15 hours ago

        And the people in the houses
        All went to the university
        Where they were put in boxes
        And they came out all the same

        And there’s doctors and lawyers
        And business executives
        And they’re all made out of ticky-tacky
        And they all look just the same

        And they all play on the golf course
        And drink their martinis dry
        And they all have pretty children
        And the children go to school

        And the children go to summer camp
        And then to the university
        Where they are put in boxes
        And they come out all the same

        https://youtu.be/XUwUp-D_VV0

      • teyrnon@sh.itjust.works · 12 upvotes, 1 downvote · 15 hours ago

        Plus they are following the lead of the country's leadership, which is to cheat everyone you are able to.

    • Bahnd Rollard@lemmy.world · 9 upvotes · edited · 10 hours ago

      Yep, the Nightmare Eclipse* crashout continues to be endlessly entertaining and a train wreck for Microsoft's security devs.

      *Thanks for the name correction.

  • BorgDrone@feddit.nl · 54 upvotes · 18 hours ago

    AMD told MrBruh that all update communications now use HTTPS and that updates undergo signature verification. The researcher says he verified the HTTPS claim, but found only a CRC32 check on the downloaded executable, which is not considered a cryptographic signature.

    This is the most shocking part. You’d think that AMD, as a high-tech company, has some smart people working for them. These are very basic things that any half-decent programmer should get right. If at no point in the process of implementing this did anyone bring up that this is not secure, that is extremely worrying and indicative of a very broken development process. It’s not like a proper cryptographic signature costs extra. This is just pure incompetence.

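On the CRC32 point quoted above: the following is an added example in Go, not code from the article, from AMD, or from the researcher. It shows concretely why a CRC-32 is not a signature. A table-driven CRC is linear, so an attacker who controls the downloaded bytes can append four bytes to any replacement executable and make its CRC-32 equal the value the updater expects; an Ed25519 signature over the same bytes, checked against a key pinned in the client, cannot be forged that way. The update layout (`updatePackage`), the sample payloads and the key pair are constructed for the demo and are not AMD's format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
	"hash/crc32"
)

// forgeCRC32 appends four bytes to data so that crc32.ChecksumIEEE of the
// result equals want. CRC-32 is linear, so the register can be stepped
// backwards from the wanted value; this is the standard "CRC forging"
// construction, and it is why a CRC can never stand in for a signature.
func forgeCRC32(data []byte, want uint32) []byte {
	// reverse[t] packs the table index whose entry has top byte t together
	// with that entry shifted up a byte; the 256 top bytes are a permutation.
	var reverse [256]uint32
	for i, v := range crc32.IEEETable {
		reverse[v>>24] = (v << 8) | uint32(i)
	}
	fwd := crc32.ChecksumIEEE(data) ^ 0xFFFFFFFF // raw register after data
	bkd := want ^ 0xFFFFFFFF                    // raw register we must reach
	// Undo four byte-steps, feeding the bytes of fwd high byte first; the
	// register that remains, written little-endian, is the 4-byte patch.
	for k := 3; k >= 0; k-- {
		b := (fwd >> uint(8*k)) & 0xFF
		bkd = ((bkd << 8) | b) ^ reverse[bkd>>24]
	}
	patch := make([]byte, 4)
	binary.LittleEndian.PutUint32(patch, bkd)
	out := append([]byte{}, data...)
	return append(out, patch...)
}

// updatePackage stands in for what an updater downloads: the executable plus
// the metadata it is checked against (hypothetical layout, not AMD's format).
type updatePackage struct {
	payload []byte
	crc     uint32 // what a CRC-only updater compares
	sig     []byte // detached Ed25519 signature over payload
}

// acceptByCRC mirrors an updater that only checks a CRC-32.
func acceptByCRC(u updatePackage) bool {
	return crc32.ChecksumIEEE(u.payload) == u.crc
}

// acceptBySignature mirrors an updater that verifies a signature against a
// vendor public key pinned in the installed client.
func acceptBySignature(pinned ed25519.PublicKey, u updatePackage) bool {
	return ed25519.Verify(pinned, u.payload, u.sig)
}

// demo builds a genuine package, then a tampered one forged to the same CRC,
// and reports whether each check accepts the tampered copy.
func demo() (crcAccepts, sigAccepts bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	genuine := []byte("MZ constructed sample: vendor installer v1.2.3") // constructed
	pkg := updatePackage{
		payload: genuine,
		crc:     crc32.ChecksumIEEE(genuine),
		sig:     ed25519.Sign(priv, genuine),
	}
	// An attacker on the download path swaps the payload and pads it so the
	// CRC matches; the signature field is simply copied from the original.
	evil := forgeCRC32([]byte("MZ constructed sample: attacker payload"), pkg.crc)
	tampered := updatePackage{payload: evil, crc: pkg.crc, sig: pkg.sig}
	return acceptByCRC(tampered), acceptBySignature(pub, tampered), nil
}

func main() {
	crcOK, sigOK, err := demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("tampered update: CRC-32 check accepts=%v, Ed25519 check accepts=%v\n", crcOK, sigOK)
}
```

Run with `go run`: the CRC-only check accepts the swapped payload and the signature check rejects it. HTTPS does not change this picture. It protects the bytes in transit, but a compromised update server or mirror, or a TLS-intercepting proxy whose certificate the client trusts, delivers whatever it likes over a valid connection, so the client needs a check that only the vendor can satisfy, which is what a signature against a pinned key provides.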
    • vithigar@lemmy.ca · 5 upvotes · 10 hours ago

      The very smart people working on their architecture and chip design are very much not the same people who are working on their desktop software.

    • BrianTheeBiscuiteer@lemmy.world · 9 upvotes · 14 hours ago

      Not surprising at all. I work in IT and security is by and large reactionary and based on scans that are often rudimentary. As far as training devs on good security practices there’s next to nothing. You learn from getting your hand slapped or you don’t learn at all.

    • nlgranger@lemmy.world · 5 upvotes · 14 hours ago

      Well the next time someone finds a bug in their software they will have to find other ways to monetize it.

      AMD has always sucked at making software. The reason why NVidia gained the AI market is because NVidia worked to write and support all the CUDA libraries. AMD devs are so bad they even struggle to just replicate the APIs NVidia already designed years earlier (ROCm/HIP projects). Even Intel, who arrived much later, almost managed to catch up with their own HW/SW stack (I think they gave up afterward).

  • Onno (VK6FLAB)@lemmy.radio · 130 upvotes · 21 hours ago

    Nothing quite like creating a specific incentive for researchers to seek “alternative” sources of income as payment for their research efforts.

    Microsoft tried this … seems to be working out for them … not.

    • floofloof@lemmy.ca · 96 upvotes · 21 hours ago

      But they saved themselves a whopping $10,000. It’s not like AMD has that kind of money to throw around.

  • realitaetsverlust@piefed.zip · 58 upvotes, 1 downvote · 19 hours ago

    What a stupid expectation. A company with a market cap of 700 billion can’t just throw 10,000 bucks around. Y’all need to think of the sustainability of the company.

    • YiddishMcSquidish@lemmy.today · 3 upvotes · 11 hours ago

      All tech companies suck at some level. I choose AMD because I’ve had good experiences with their products. Not for any moral reasons. There is no moral consumerism when it comes to silicon. So just choose what you like and try not to think too hard about it.

      • Ŝan • 𐑖ƨɤ@piefed.zip · 1 upvote, 2 downvotes · 9 hours ago

        Oh, yeah. I forgot about Trump’s graft project. Well, hopefully it won’t be too long before a RISCV CPU becomes a viable alternative, but I’m not too optimistic. My experience wiþ ARM64 is þat a lot of software still isn’t available and doesn’t compile for it, and RISCV is so far behind. Even if it catches up to ARM in speed (much less AMD64), it’s going to be forever before þe cornucopia of FOSS catches up.