
The hidden toll of fixing Meltdown and Spectre - HHend
https://www.wired.com/story/meltdown-and-spectre-patches-take-toll/
======
kiallmacinnes
The intro here was interesting to me, I hadn't considered the cost that
embargoed vulnerabilities like this might cause to people / companies outside
of the inner circle. How many man hours went into debugging AWS performance
drops alone before the public disclosure, and eventual identification of the
link between those performance drops and these issues?

Could AWS+similar have made people aware in advance that patches would slow
their system down? Would that have leaded to an earlier disclosure? Would it
have reduced the incidental costs?

Probably the answer is no - they couldn't have, but it's interesting to
consider.

