Flaws in AMD CPUs.

Steve Kinney admin at pilobilus.net
Thu Mar 22 13:35:53 PDT 2018 


On 03/14/2018 11:40 AM, jim bell wrote:
> Security researchers find flaws in AMD chips but raise eyebrows with rushed disclosure

[... ]

> Why the extremely non-technical video shot on green screen with stock backgrounds composited in? Why the scare tactics of calling out AMD's use in the military? Why don't the bugs have CVE numbers, the standard tracking method for nearly all serious issues? Why was AMD given so little time to respond? Why not, if as the FAQ suggests, some fixes could be created in a matter of months, at least delay the publication until they were available? And what's with the disclosure that CTS "may have, either directly or indirectly, an economic interest in the performance" of AMD? That's not a common disclosure in situations like this.

>     * This article originally appeared on TechCrunch.

Why?  Well, why not?  I will guess that the folks at CTS Labs shorted
AMD and made other "side bets" to cash in on the impact of the
disclosure.  They may have also quietly negotiated some direct
compensation from AMD's competitors.  Why else skip the traditional
advance warning to the vendor, and spend money directly attacking AMD's
reputation in the market?

I for one approve of this approach to bug disclosure for a couple of
reasons.  First, the bigger the impact on AMD shareholder value, the
more shareholders will demand AMD and comparable vendors spend money on
quality assurance programs to reduce their exposure on this front.  In
the broader context of software markets, a trend toward monetizing bug
reports by maximizing their cost to affected vendors will do more harm
to closed commercial enterprises than free & open ones, both because the
commercial vendors ship more and worse bugs, and because that's where
money can be made just by disparaging the product.

If this business model becomes a trend, I think it will result in better
quality across the board in affected products and markets.

:o)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20180322/5bfde20b/attachment.sig>

More information about the cypherpunks mailing list