So this http://AMDflaws.com business... CTS Labs asked us to review their research last week, and sent us a full technical report with PoC exploit code for each set of bugs.
Replying to @dguido
Have you had any previous dealings with CTS Labs, or the people therein? Any reason why a company like this would reach out to you in this way, before disclosing to AMD? Not trying to pick, just trying to understand if this is standard practice
Replying to @IanCutress
They found us through a mutual friend. I had never spoken to them before, and I have no ongoing relationship with them. They sought us out because they were concerned about the validity of their findings.
Replying to @dguido
Additionally, just because I've seen people thinking you are being paid, having billed CTS for the work: Did you start investigating the issues first, then discuss billing arrangements, or did a contract come first? (People love to think everyone works for free, sadly)
Replying to @IanCutress
I answered that here: https://twitter.com/dguido/status/973629551606681600 …
Replying to @dguido
Yeah, I saw that, hence my question. Just getting a secondary confirm about the order of events to ensure no ambiguity.
1 reply 0 retweets 2 likes
It was driven by curiosity first and a favor. However, once we received the technical report and fielded their first set of questions, we realized it went beyond a favor. We anticipated 1 bug, not 13, so we asked to get paid.