OpenBSD's De Raadt Pans 'Incredibly Bad' Disclsoure of Intel CPU Bug
lundi 8 janvier 2018, 12:34 , par Slashdot
troublemaker_23 quotes ITWire:
Disclosure of the Meltdown and Spectre vulnerabilities, which affect mainly Intel CPUs, was handled 'in an incredibly bad way' by both Intel and Google, the leader of the OpenBSD project Theo de Raadt claims. 'Only Tier-1 companies received advance information, and that is not responsible disclosure -- it is selective disclosure,' De Raadt told iTWire in response to queries. 'Everyone below Tier-1 has just gotten screwed.'
In the interview de Raadt also faults intel for moving too fast in an attempt to beat their competition. 'There are papers about the risky side-effects of speculative loads -- people knew... Intel engineers attended the same conferences as other company engineers, and read the same papers about performance enhancing strategies -- so it is hard to believe they ignored the risky aspects. I bet they were instructed to ignore the risk.'
He points out this will make it more difficult to develop kernel software, since 'Suddenly the trickiest parts of a kernel need to do backflips to cope with problems deep in the micro-architecture.' And he also complains that Intel 'has been exceedingly clever to mix Meltdown (speculative loads) with a separate issue (Spectre). This is pulling the wool over the public's eyes...'
'It is a scandal, and I want repaired processors for free.'
Read more of this story at Slashdot.
56 sources (32 en français)
dim. 22 avril - 00:41 CEST