alt Hacker NewsThey're not considering it not to be a vulnerability. They're simply saying it's outside the scope of their bug bounty program.
Replies
Retr0id • today at 2:01 AM
Looks like there's a serious security bug in their scope document.
➕ show 2 replies
They're not considering it not to be a vulnerability. They're simply saying it's outside the scope of their bug bounty program.
Looks like there's a serious security bug in their scope document.
Apparently it's also outside the scope of their bug fixing program, despite being trivially remotely exploitable to get privileged code execution.
Man in the middle attacks may be "out of scope" for AMD, but they're still "in scope" for actual attackers.
Ignoring them is indefensibly incompetent. A policy of ignoring them is a policy of being indefensibly incompetent.